Password security limitations of various websites
| Site | Notes | Result |
|---|---|---|
| Amazon | Allows the password. Gold Star! |  |
| Discover Card | Allows the password. Gold Star! | |
| Chase | Doesn’t allow symbols. |  |
| Ally | 16 character maximum! | |
| Fidelity | 12 character maximum, no symbols! | |
| Instructables | Allows the password. Gold Star! | |
| Allows the password. Gold Star! | |
|
| Kiva | Allows the password. Gold Star! | |
| Yahoo | Allows the password. Gold Star! | |
| Mt. Gox | Allows the password. Gold Star! | |
| Dwolla | Allows the password. Gold Star! | |
| CampBX | Allows the password. Gold Star! | |
| Paypal | 20 character maximum! | |
| Allstate | Passwords must be 6 to 10 characters, certain symbols not allowed (<, >)! | |
| Geico | 16 character maximum! Only allows certain special characters! | |
| Github | Allows the password. Gold Star! | |
| Site5 | Allows the password. Gold Star! | |
| IMDB | Allows the password. Gold Star! | |
| Ebay | 16 character maximum! | |
| Etrade | Strange invalid character error, not a stated limitation. Further investigation shows no special characters are allowed. | |
| Newegg | Allows the password. Gold Star! | |
| Netflix | 4-10 characters. | |
The really alarming part is most of the failures I ran into had to do with banking/money. Why do these sites put limits on user password security? It seems like that’s the last place you would want these kinds of limitations. It’s hilarious that sites like IMDB, which I don’t expect strong security from whatsoever, allow me to use more secure passwords than my bank accounts. I especially love this from Etrade – they don’t specify what character was invalid, or that there are any invalid characters that could be entered:
Upon further investigation, I found out they don’t allow special characters.
I also love how Netflix apparently allows a 4-character password! That’s secure, huh!