"security" rant
Jun. 8th, 2008 08:29 pm
The other day I signed up with Digg. I thought they had a geek orientation, since it's mostly my geeky friends that are signed up. Not only are their "Terms of Use" clear as mud, the password has to be only letters and numbers. Not only that (& I expect better from a "geek" site), they don't tell you until after they reject the password. Oh, and they won't let me use a spamgourmet address. I am a big fan of disposable addresses. They let me know who has been handing out my email address. No, I had to use a "real" email address.
So, I tried to log on to hotmail. It said that it was the wrong password. So, I had it reset. When I tried to type in a new password, it told me that I couldn't use the same password as I had before. I guess I hadn't forgotten it. So I tried again, using no upper-case letters, and it still said I couldn't use the same password. So, I tried a new one. Guess what? I couldn't log in with that one. It didn't recognize it. Okay, check that I can remember my Yahoo email password. I can, so I give that to Digg. Are they happy now? I will only see email from them when I remember to check my Yahoo mail. That spamgourmet email address forwards to my Gmail account, which I look at all the time.
So, why is it that sites don't like non-alpha-numeric characters in passwords? The banks tell me to use a strong password, but most of the bank sites that I go to won't accept my password. I like to have upper and lower case letters and numbers and punctuation, makes a much stronger password.
- ING wants numbers only! I have to remember some stupid picture and a phrase (not a phrase I wrote, one I chose from a list). I have to use part of my client card # to log in, instead of a user name, and they won't remind me which part at login.
- Laurentian Bank of Canada is switching from four digit number to, you guessed it, letters & numbers only. I have to choose the picture every time I log in. They gave me the pix to choose from. They gave me an "access number", that I have to type in instead of a user name.
- CIBC allows me to pick a user name, but only allows letters & numbers in the password.
- Citibank allows me to pick a user name, but only allows letters & numbers in the password.
- American Express allows me to pick a user name, but only allows letters & numbers in the password.
- HBC credit cards allows me to pick a user name, but only allows letters & numbers in the password, but there must be at least two digits.
- Canadian Tire MC wants a user name and the last seven digits on the back of the card. It allows a decent password.
- Royal Bank wants my client card number. I can have the computer remember the number and nickname it. Decent passwords allowed.
- National Bank allows a user name and decent password.
- PayPal uses my email address and allows a decent password.
I have a system for making up passwords that I can remember; it varies depending on the site. But I have to remember where I have which kind of password, at each of these sites. Grrrr.
Don't get me started on security questions. I hate it when I have to choose one from their stupid list. "What was your grandfather's occupation?" Uhm, I have two grandfathers. "What is your mother's maiden name?" Wait a minute, that's not so hard to find on the internet. "What is the name of my elementary school?" Uhm, I went to two; some people went to more than two. Not to mention that sometimes I think of it with "Elementary" as part of the name and sometimes with "Elementary School", and sometimes without either. "What is your father's middle name?" He has two middle names. Lots of Catholics have more than two middle names.