Comments on: TSP Changes Login Procedure http://cashmoneylife.com/2007/05/26/tsp-changes-login-procedure/ Money Management, Small Business, Career Fri, 19 Mar 2010 14:05:17 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Jay http://cashmoneylife.com/2007/05/26/tsp-changes-login-procedure/comment-page-1/#comment-127 Jay Sat, 26 May 2007 17:36:21 +0000 http://cashmoneylife.com/2007/05/26/tsp-changes-login-procedure/#comment-127 I agree about the "security" of the new passwords. For some reason I've been extremely keen on noticing sites that promote weak passwords recently: American Express (can't even update the password using a Mac w/ Safari or FF), E*trade (6 to 32 characters with at least 1 number--no special characters!), Bank of America Military Bank IIRC, off the top of my head. Most of the sites that I catch seem to be financial sites or professional (credit card company, banks, places that deal with money). When will they learn? You can pick a more secure password on most forums that are floating around. Closed source mentality vs. open source mentality maybe? I recall building a closed source custom web application for internal use and was steered away allowing from special characters. Now, I'd probably put up a bigger fight for it. My other favorite is sites that force you to put in a specific format for phone or credit card numbers (no dashes, put dashes, etc.) Regular expressions make it easy to check on the programming side for correctly entered numbers and can standardize the format for insertion into the database. Rant for another day I guess... I agree about the “security” of the new passwords. For some reason I’ve been extremely keen on noticing sites that promote weak passwords recently: American Express (can’t even update the password using a Mac w/ Safari or FF), E*trade (6 to 32 characters with at least 1 number–no special characters!), Bank of America Military Bank IIRC, off the top of my head.

Most of the sites that I catch seem to be financial sites or professional (credit card company, banks, places that deal with money). When will they learn? You can pick a more secure password on most forums that are floating around. Closed source mentality vs. open source mentality maybe? I recall building a closed source custom web application for internal use and was steered away allowing from special characters. Now, I’d probably put up a bigger fight for it.

My other favorite is sites that force you to put in a specific format for phone or credit card numbers (no dashes, put dashes, etc.) Regular expressions make it easy to check on the programming side for correctly entered numbers and can standardize the format for insertion into the database. Rant for another day I guess…

]]>