Poor security at Credit Expert from Experian
Jan 28th, 2007 by Jason
There have been a number of occasions lately where I have been asked to supply a passed, for an on-line service, only to be told that my secure password could not be accepted. Perhaps my password is too short, to simple? No, in each case it was because I had used special characters, such as @, ! or #.
I not expected such a low level of security from Experian!
Experian would reject a password like ‘#d!ct!0n@ry’ but allow ‘d1ct10n4ry’. Now, hopefully they would not allow ‘dictionary’ but I did not intend to try it!
It seems to me that all financial institutions should allow users to select the strongest passwords possible. I guess it’s possible that there is so much fear of crackers exploiting vulnerabilities in their website’s that many web developers opt to deny any characters that frighten them, rather than provide proper validation and security in depth.
Oh well, at least my online banking login for my Co-op current account allows strong passwords!
I agree with you Jason. Financial institutions should instil their customers with confidence… especially via their Internet services.
I wonder if their security system is set up to only accept alpha-numeric combinations, if so, that’s pretty poor.