Recently I was asked by my bank to change my password. This coincided with a new website and mobile banking interface for the bank. The new password had to be at least 8 characters long and contain at least one number, one capital letter and one special character. Whaaaat? It works out that this kind of password is actually not very secure, and more likely to be hacked by a computer hacker than more simple passwords. It might not come as a surprise, but computers can try out combinations of characters in nano-seconds. The number of combinations that must be searched before finding your password is directly related to the length of your password. This password:
is way more secure than this password:
And the first password is easier to remember! I complained to the bank, but it fell on deaf ears. I was told they consulted with experts on internet security and follow banking industry practice to ensure the highest level of security through password choice. That’s just bullshit.
You can read more about password security in this WIRED article.