January 11, 2021

How concerning are low password length limits on financial institutions' online services?

I use multiple banks and brokerages for financial services, each with an associated online account to access accounts online and through a mobile application.

I’ve noticed a trend that there are low password length restrictions, not allowing for passwords longer than 20 characters or not allowing special characters. Coming from an IT background, I try to use long passwords with multiple special characters, usually much longer than 20 characters, as recommended by cybersecurity experts.

How much extra risk is associated with an account that has a 20-character password versus a 64-character password? Should these banks and brokerages increase the limit? What sort of technical roadblocks from infrastructure or application code would require such a low limit? Is it indicative of legacy technology?

Comments

MuthaPlucka

Try r/cybersecurity101
