Comments on: American Express’s Security Problem: Awful password system http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/ The 'g' is mostly silent Fri, 03 Sep 2010 22:32:20 +0000 hourly 1 By: Steve Jones http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/comment-page-1/#comment-304 Steve Jones Tue, 23 Mar 2010 09:48:58 +0000 http://danwin.com/?p=330#comment-304 I just complained to AMEX about their password policy, they stated they are "unable" to change it! Have the got an amateur coder or something? I am forced to either write my password down, or use an unsecure easy to remember one because they wont allow me to use a secure password that I DO remember. I just complained to AMEX about their password policy, they stated they are “unable” to change it! Have the got an amateur coder or something? I am forced to either write my password down, or use an unsecure easy to remember one because they wont allow me to use a secure password that I DO remember.

]]> By: Andrew Taylor http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/comment-page-1/#comment-189 Andrew Taylor Wed, 10 Feb 2010 13:59:04 +0000 http://danwin.com/?p=330#comment-189 See their "explanation" at http://blogs.pcmag.com/securitywatch/2010/02/amex_password_policies_declare.php See their “explanation” at http://blogs.pcmag.com/securitywatch/2010/02/amex_password_policies_declare.php

]]> By: Tweets that mention American Express’s Security Problem: Awful password system | Danwin: Dan Nguyen, in short -- Topsy.com http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/comment-page-1/#comment-109 Tweets that mention American Express’s Security Problem: Awful password system | Danwin: Dan Nguyen, in short -- Topsy.com Sun, 24 Jan 2010 22:49:25 +0000 http://danwin.com/?p=330#comment-109 [...] This post was mentioned on Twitter by Chris Eng, Dan Nguyen and Marqueue, Rijo Thomas. Rijo Thomas said: NYTimes had a story today about a man who accidentally was able to log into a stranger's… http://goo.gl/fb/VKD2 [...] [...] This post was mentioned on Twitter by Chris Eng, Dan Nguyen and Marqueue, Rijo Thomas. Rijo Thomas said: NYTimes had a story today about a man who accidentally was able to log into a stranger's… http://goo.gl/fb/VKD2 [...]

]]> By: American Express's Security Problem: Awful password system … | Drakz Free Online Service http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/comment-page-1/#comment-107 American Express's Security Problem: Awful password system … | Drakz Free Online Service Sun, 24 Jan 2010 05:05:12 +0000 http://danwin.com/?p=330#comment-107 [...] from: American Express's Security Problem: Awful password system … Share and [...] [...] from: American Express's Security Problem: Awful password system … Share and [...]

]]> By: Tom Human http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/comment-page-1/#comment-106 Tom Human Sun, 24 Jan 2010 04:12:59 +0000 http://danwin.com/?p=330#comment-106 Why do you believe that a concatenation of dictionary words isn't secure? If you have a 100,000 word dictionary, then there are 10 billion choices of two words, a quadrillion choices of three words. What dictionary attack will get a password like that? Plenty of places have stupid passwords. A Major Brokerage Firm uses 6-8 characters, lower case, no punctuation, must contain a number, and that number can't be at the start or end of the password. That rule is so restrictive it's almost impossible to come up with a password at all! Why do you believe that a concatenation of dictionary words isn’t secure?

If you have a 100,000 word dictionary, then there are 10 billion choices of two words, a quadrillion choices of three words. What dictionary attack will get a password like that?

Plenty of places have stupid passwords. A Major Brokerage Firm uses 6-8 characters, lower case, no punctuation, must contain a number, and that number can’t be at the start or end of the password. That rule is so restrictive it’s almost impossible to come up with a password at all!

]]> By: uberVU - social comments http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/comment-page-1/#comment-105 uberVU - social comments Sun, 24 Jan 2010 02:31:43 +0000 http://danwin.com/?p=330#comment-105 <strong>Social comments and analytics for this post...</strong> This post was mentioned on Twitter by dancow: NYT re: accidental breach of AmEx account. No surprise, AmEx password limit is 8 case-insensitive alphanumerics http://bit.ly/8mvaUw... Social comments and analytics for this post…

This post was mentioned on Twitter by dancow: NYT re: accidental breach of AmEx account. No surprise, AmEx password limit is 8 case-insensitive alphanumerics http://bit.ly/8mvaUw...

]]> By: Computer, Electronic, and Freeware http://danwin.com/thoughts/american-expresss-security-problem-awful-password-system/comment-page-1/#comment-103 Computer, Electronic, and Freeware Sun, 24 Jan 2010 00:20:26 +0000 http://danwin.com/?p=330#comment-103 [...] American Express's Security Problem: Awful password system … [...] [...] American Express's Security Problem: Awful password system … [...]

]]>