On Passwords

Man, I don’t get why my online banking has lower requirements than the thing I would use to file medical receipts.  It’s my data, FFS, so I just dropped this in to their customer contact bin.

Hi -

I tried to set up my southern cross today, and got to the password page where it requires two letters and two numbers.

I stopped there and won't be continuing - you're asking me to keep a different type of password to what I usually use, and I'd be constantly forgetting it and having to reset.

Just thought you'd find the feedback useful; since it's my data you're holding it's not your job to tell me security requirements as it's my risk, and I doubt I'll be using the service until it better suits my needs.  As it happens the password I was trying to use was a) 13 characters long, b) contained shifted case, and c) had three special (non-letter/number) characters.  This was good enough when I worked in a secret-cleared environment for the Police so I'm not sure why it's not good enough for me to file claims with you.

The average person has about 150 different accounts online these days, and they need onerous and one-off passwords like they need a case of cancer.

Feel free to pass this on to your usability and security people :)

Many thanks