I opened a new account in an investment company. They gave me the user name and password, I logged in, and the first thing I wanted to do was, naturally, to change the password.
So I tried my regular password scheme (which is long and has capitals and symbols in it), and I got a “Not compatible with password security requirements”.
So I started to look around the page for the requirements. None was found. I tried again, with a simpler password, just in case.
So after wasting 10 minutes trying to figure out what exactly are the magnificent password requirements, I sent their help desk a message asking if they would please reveal the oh-so-secret password requirements that I was somehow supposed to guess. A few minutes later I got a call from a very nice representative that was nice enough to indulge me with this valuable info.
Do you know what those requirements are?
The password can only be 8 chars long, where the chars can only be couples of a capital letter and a digit.
Read that again.
All their passwords are of this structure: A1B2C3D4. I would bet my life 10% of their users are using this password.
When I pointed out to the representative on the line that this is very easily crackable, she responded with “It’s not THAT easy, besides, what are you, a hacker or something?”. “No”, I said, “but since you Are an investment company, it’s very likely someone would have the incentive to break into your website, as there’s a significant gain to be made from it!” To which she answered with the all-time classic “That’s a system constraint”.
Or as “Little Britain” put it so well: “Computer says no”.
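
Added example (not part of the original post): the Python below measures how small the password space under this policy is, assuming each couple is a capital letter followed by a digit, as in A1B2C3D4. The comparison policy (any 8 printable ASCII characters) and all function names are assumptions chosen for illustration.

```python
import math
import re
import string

# Policy as described in the post: 8 characters, four (capital letter, digit) pairs.
# Assumption: the letter always comes before the digit, as in the post's A1B2C3D4.
PAIR_POLICY = [string.ascii_uppercase, string.digits] * 4
PAIR_RE = re.compile(r"(?:[A-Z][0-9]){4}")

# Comparison policy (an assumption, not from the post): any 8 printable ASCII chars.
FREE_8 = [string.ascii_letters + string.digits + string.punctuation] * 8


def matches_pair_policy(password: str) -> bool:
    """True if the password has exactly the letter-digit structure the site enforces."""
    return PAIR_RE.fullmatch(password) is not None


def keyspace(policy) -> int:
    """Number of distinct passwords when each position has a fixed alphabet."""
    return math.prod(len(set(alphabet)) for alphabet in policy)


def entropy_bits(policy) -> float:
    """Upper bound on entropy, reached only if users choose uniformly at random."""
    return math.log2(keyspace(policy))


def shrink_factor(restricted, baseline) -> int:
    """How many times smaller the restricted space is than the baseline."""
    return keyspace(baseline) // keyspace(restricted)


if __name__ == "__main__":
    for name, policy in (("letter-digit pairs", PAIR_POLICY), ("any 8 printable", FREE_8)):
        print(f"{name:20s} {keyspace(policy):>22,d} passwords, {entropy_bits(policy):5.1f} bits")
    print("shrink factor:", f"{shrink_factor(PAIR_POLICY, FREE_8):,d}")
    # The author's usual long mixed-case password is rejected by the structure check.
    for candidate in ("A1B2C3D4", "Correct-Horse-Battery-9"):
        print(candidate, "accepted" if matches_pair_policy(candidate) else "rejected")
```

The bit count is a ceiling: because the structure is fixed and users gravitate to sequences like A1B2C3D4, the effective space is smaller still, which is why the policy needs to allow longer, unstructured passwords rather than only relying on lockout.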