Yesterday I received an e-mail that Flying Blue moved away from their 'pin' (a few digits only) password for online services. My initial response was to be very pleased about this move. I've just changed my pin to a password, but... See the screenshot below for the password restrictions. facepalm
While resetting my password at DeltaLloyd the following password failure was shown: The upside is that they require at least 8 characters, but only at most 32 characters in total, and I can only use a few special characters (which makes them less special).
While resetting my password at Examslocal the following password failure was shown: The upside is that they require at least 6 characters, but only at most 20 characters in total.
After my Dutch rant, now it is time to do an English one. I've noticed (generally speaking) that customer support does not reply to messages about password insecurity. Since these kinds of security flaws do not get fixed, perhaps mentioning them out in the open is the way forward. Nowadays 'social media' are 'news' sources and they respond best to a 'drama' type of news. So let's give that a try, in the hope that the insecurities get fixed and we all get a more secure and safer future.
The time has come, I am completely fed up. Over the past years I have very regularly sent an e-mail to the customer service of various parties about this kind of mistake, but I never received a reply. Since drama football, sometimes facilitated by "social media", sometimes by "news", apparently works better these days, I might as well blog about it. Maybe everyone can learn from this and we will eventually get better and, above all, more secure systems.