your security does not apply here!

registering yourself as a supplier for one of the big (like in “HUGE”) automobile companies is fun: processes are mostly streamlined, response time is fairly low and security is impeccable — isn’t it?

well, as you can see in the image attached, sometimes there’s a catch to that: the integration of legacy systems seems to hinder modern (or at least contemporary) security concepts. In this case it’s the limitation to lower-case letters in the password!! moreover, in this case, the limitation applies to the password field only! the username can be a happy mixture of upper and lower case letters!

for zarquon’s sake: if we don’t get a chance to use certificate or two-factor based authentication, let us at least have a decent password!

for all of you out there that are involved in the “password complexity vs. length” discussion, let me add that here they allow for fairly short passwords as well…
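The cost of the lowercase-only rule in numbers, as an added example that is not part of the original post. It assumes the permitted alphabet is exactly a-z and compares at an assumed length of 8 characters, since the post states neither the exact character list nor the length limits.

```python
import math
import string

# Character classes a password policy may allow (sizes: 26, 26, 10, 32).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def alphabet_size(classes):
    """Number of distinct characters the policy lets a user pick from."""
    return len(set("".join(CLASSES[c] for c in classes)))


def keyspace(classes, min_len, max_len):
    """Count of all passwords the policy permits across its length range."""
    n = alphabet_size(classes)
    return sum(n ** length for length in range(min_len, max_len + 1))


def entropy_bits(classes, min_len, max_len):
    """Upper bound on entropy: log2 of the keyspace (uniform random choice)."""
    return math.log2(keyspace(classes, min_len, max_len))


def length_to_match(restricted, reference, ref_len):
    """Shortest fixed length at which `restricted` reaches the keyspace
    of a `ref_len`-character password drawn from `reference`."""
    target = alphabet_size(reference) ** ref_len
    n, length = alphabet_size(restricted), 0
    while n ** length < target:
        length += 1
    return length


if __name__ == "__main__":
    # Assumed length of 8; the post only says "fairly short" is allowed.
    full = ["lower", "upper", "digit", "symbol"]
    for name, classes in (("lowercase only", ["lower"]), ("all printable", full)):
        print(f"{name:15s} 8 chars: {entropy_bits(classes, 8, 8):5.1f} bits")
    print("lowercase length matching 8 printable chars:",
          length_to_match(["lower"], full, 8))
```

Under these assumptions a lowercase-only password needs 12 characters to cover the search space of 8 characters drawn from the full printable set, so a restricted alphabet combined with short permitted lengths loses on both axes of the complexity-versus-length argument.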

3 thoughts on “your security does not apply here!”

  1. No, he could not see your password in clear text. At best it would be in some encrypted hash and he would have to decrypt it. Unless of course that he had a key logger installed on the computer when you created your password. Moreover, he can reset your password at any time to something generic and log in to your account.

    • Rafaela,

      the entry was not about whether the admin may be able to see the plaintext of the chosen password. it was about cryptographic complexity (or rather – in this case – the absence of it). password rules like this are narrowing down the character set, thus reducing complexity and therefore facilitating brute-force attacks.
