Last night, I was trying to log into one of my accounts, but I could not manage to remember my password. I clicked on the “forgot password” link and got an email with a link to reset my password, where I attempted to create a new password.
Except, I kept getting error messages: invalid character or too long. For almost ten years, I have been using special characters in my passwords (ever since I had to create a password that required three of four types of characters: lower case alpha, upper case alpha, number, special character, but would not accept any password that had fewer than four of four types). And I have come to realize that longer passwords are harder to crack.
I finally clicked the link that told me what made up an acceptable password – upper/lower case letters, numerals, and ‘-’ and ‘_’. No spaces, no dollar signs, not even an exclamation point!
With all of the companies in the news for having their customer databases hacked, why would any company want to limit their customers’ ability to create ANY password they want by reducing the number of characters allowed in a password or its length? That is forcing your customer (me) to use what your customer (me) believes is a less secure alternative.