41
saas
4y

I have bank accounts with 5 different banks.
I HAVE TO use 4-5 different government websites.

Every fucking place: you cannot use these "~-/;^"(some others too) symbols in your password.

Are you freaking fucking kidding me!! And all of them have a limit of 12or15 characters.

If this wasn't mind numbingly stupid enough, they fucking go ahead and force you to change password every fucking month or two.

THIS IS NOT SECURITY. YOU SHOULDN'T FORCE SOMEONE TO LIMIT THERE PASSWORDS TO:
- CERTAIN CHARACTERS
- A 15 CHARACTER SIZE LIMIT
- THRN OVERTHAT, FORCE TO CHANGE PASSWPRDS PERIODICALLY.

ALL THE 5 MAJOR FUCKING BANKS IN INDIA.

FUUUUUCCCCKKKKK YOUU 🖕

Comments
  • 5
    Having a government do things to any large extent is usually equal to bad quality. A governments operations should focus on nothing other than courtrooms and laws, a police department to enforce those laws and the nations military defense.
  • 6
    My bank only allows password that can't be longer than 6 characters and only accepts numbers and letters...
  • 4
    @polo123qwe
    tf?
    .....
    Which bank?
  • 4
    Correct me if I'm wrong but isn't that a sign that the service doesn't save password properly? As far as I know, the best way to save passwords is hashing them and salting them - and in that process, no matter if the password the user has set is 6 or 60 characters long, or what characters it includes, the resulting hash will have a fixed length, so in turn the provider shouldn't care about the password's length as they all use the same amount of space. Right?
  • 2
    This is bad security, fuck the banks and their stupid employees.
  • 8
    Pretty sure there have been studies that password timers actually make passwords severely worse. Because most people won't try to remember a long string like D*s78&H+2hg#etc.

    But the few that do certainly won't if it only lasts for a month. And clicking edit in a password manager EVERY MONTH? NOPE! passwordJune2019 it is.
  • 1
    @theKarlisK LMAO 🤣
  • 1
    @ManicRobot-- Right. That's what's worrying me. I think all of them store passwords in plain text. 😅
  • 0
    @polo123qwe no shit. This requires a brute force. Immediately.
  • 1
    @ManicRobot-- Well the website could check the password client side first. And some services may rely only on HTTPS for sending the password and then hash it only on the server. There are so many ways to fuck this up.
  • 0
    @polo123qwe holy shit that should not be your bank!!! Leave it
Add Comment