My password character count rant

prime
prime
Community Member

So I been using 1Password for over a year now and it has really changed how I do things. It was a learning experience because I was so use too using easy passwords that I can type in pretty easy. Well I have realized now that I don't need to be able to type all my passwords in for every website I go on. Now every website I do to on all have a different and long password, and I feel more secured about this.

My wife is still learning, but she does use 1Password. I gifed the app to her from the iTunes App Store and slowly she is using it. We will work on transferring all her passwords from iCloud keychain, I'll probably have to do it haha.

So we get to today. We switched car/home insurance and saved over 15%... (More actually), but anyways, we made a user profile for the new insurance company and came to the making of the password part. Now, this is a big name insurance company and was sad to see when I made the password with 1Password, the website said it was too long and the maximum amount of characters is 10. I can't believe its only 10! How can a big name (probably one of the biggest in the USA) only have a small limit of 10?

So this is my rant for today. I am shocked that in an age where sites are getting hacked, and some sites still use a small limit like this. Even Comcast lets you use 16 (still a very low character count in my opinion), and others out there use a lot more. I am shocked to see PayPal's character count is only 20 also, and they have a lot of my info on their site.

Thanks for reading my rant, have a great day! :)

Comments

  • I had the same problem with a bank. When I asked them about it they indicated that their security involves much more than just a username and a password (though they don't have much if anything beyond that which is visible to the end user).

    I think it is a very valid point, and hope these companies will update in the near future as more and more websites are compromised due to insecure passwords.

  • prime
    prime
    Community Member

    I know with my bank, when I sign on a new browser or my bank app on a new phone, I do have to verify myself with my cell number or email address. All banks should do this at the minuin, but I have heard some don't.

    With my insurance they have a feedback about the website, so I send in my concern about the 10 character limit. I hope they change that soon.

  • Megan
    Megan
    1Password Alumni

    Hi @prime,

    Thanks so much for bringing this to your insurance company's attention. My bank only recently upgraded their password requirements from a maximum of 8 digits (Yikes!) so progress is being made, if slowly. Providing companies feedback is a great way to help the process along. :)

  • harryngh
    harryngh
    Community Member
    edited April 2015

    I use this removed by AgileBits tool and it works like a charm. Another alternative is the removed by AgileBits website.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @harryngh,

    First off, I'd like to thank you for contributing to the conversation. Now I did remove the links as we're discussing password lengths and we're very cautious when it comes to such matters. We can never recommend entering your password into another site under any circumstances. So even though the site in question wouldn't know where the password is used or under what username it just doesn't feel right. You may of course disagree which is your prerogative but when it comes to the sort of data we hold in our vaults I go with the better safe than sorry adage.

    I hope you don't take it as a intimation not to post, as all 1Password users are welcome here :smile:

  • wkleem
    wkleem
    Community Member

    @littlebobbytables, Might xkcd help? They have the comic strip on password strength. Someone actually devised a password generator based on that.

  • prime
    prime
    Community Member

    My rant is about how there are websites out there that will only allow a very small character count for a password. My insurance company only allowes 10 and that is it. That length is nothing now a days.

  • wkleem
    wkleem
    Community Member

    @prime, Does the insurance company login allow extended characters like those above numbers on the typical keyboard (@#$%^)? It could be sufficient if it works.

  • Megan
    Megan
    1Password Alumni

    @wkleem,

    I would sincerely hope if they're limiting a password to 10 characters that they don't also require it to be alpha-numeric. Even so, it is our dream at AgileBits that one day password restrictions will be a thing of the past: 10 characters is a pretty severe limitation, even with special characters.

  • RichardPayne
    RichardPayne
    Community Member

    The most worrying thing about these sorts of limitations are the justifications used to excuse them. My bank said that using extended characters causes problems for their downstream systems. This essentially means that my password is stored non-encrypted and is being passed around their internal systems, not to mention that some of their systems likely aren't doing proper input sanitisation! :(
    Password length limits are also a good indicator of poorly designed software.

  • prime
    prime
    Community Member

    When I 1st made an account, it was just numbers and letters. After taking with them, they now make it so I can use symbols too.

    I think 1Password has spoiled me, because I want a minimum of 20 charaters for any site lol.

  • RichardPayne
    RichardPayne
    Community Member

    I know how you feel prime. I get pissy if I can't my full green bar giving 30 char random password. ;)

  • Megan
    Megan
    1Password Alumni

    Hi @prime and @RichardPayne ,

    Well, I'm perfectly happy to hear that 1Password has spoiled you and gotten you used to expecting nothing more than the best when it comes to strong passwords. That's a great habit to be in! Now we just need to convert the rest of the world. ;)

This discussion has been closed.