Site icon Liquidmatrix Security Digest

American Express Website Password Nonsense

You know, I have always been bothered by the Amercian Express website password limitations but, I admittedly never ran this one to ground. Well, someone ran with it. The password has always been limited to an 8 character maximum and no special characters.

I never imagined something quite this daft.

From Twice Refried News:

Thank you for your email regarding your online password.

I would like to inform you that our website has a 128 bit encryption. With this base, passwords that comprise only of letters and alphabets create an algorithm that is difficult to crack. We discourage the use of special characters because hacking softwares can recognize them very easily.

The length of the password is limited to 8 characters to reduce keyboard contact. Some softwares can decipher a password based on the information of “most common keys pressed”.

Therefore, lesser keys punched in a given frame of time lessen the possibility of the password being cracked.

*facepalm*

For the full email response, read on.

Article Link

(Imaged used under CC from fireflythegreat Flickr feed)

Exit mobile version