Security the Amex way
While there are arguments against the effectiveness of PCI-DSS (Payment Card Industry Data Security Standard) compliance, it's going nowhere soon.
With that in mind, a recent article caught my eye about how one of the big credit card companies handles its own information security.
Some gems from the Amex response:
I would like to inform you that our website has 128-bit encryption. With this base, passwords that consist only of letters and alphabets create an algorithm that is difficult to crack.
This is one I've encountered before, where transport-layer security is confused with authentication security. Their website could have 128,000-bit encryption; it won't help them when I guess that your password is 123456.
We discourage the use of special characters because hacking software can recognize them very easily.
More easily than non-special characters? Wow. Scary. Although a friend did comment, "Well, at least they have a password policy!"
The length of the password is limited to 8 characters to reduce keyboard contact. Some software can decipher a password based on the information of "most common keys pressed". Therefore, fewer keys punched in a given frame of time lessen the possibility of the password being cracked.
Would that not mean a single-character password was even more secure?
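To put numbers on the three quotes above, here is an added example (my own illustration, not code from the original post or from Amex). It assumes an alphanumeric alphabet of 62 symbols for the "letters and alphabets" policy and a 94-symbol printable-ASCII alphabet for a policy that allows special characters; the attacker guess rate and the list of common passwords are constructed for the example. It shows that the 128-bit transport key is unrelated to how hard a password is to guess, that allowing more symbols and more length increases the work, and that a single-character password is trivially exhausted.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
TLS_KEY_BITS = 128  # the "128 bit encryption" from the quote: a transport key, not a password

# Constructed policies for comparison (assumptions, not Amex's documented rules)
POLICIES = {
    "8 chars, letters+digits only": {"alphabet": 62, "length": 8},
    "1 char, letters+digits only": {"alphabet": 62, "length": 1},
    "16 chars, letters+digits+symbols": {"alphabet": 94, "length": 16},
}

# Constructed sample of commonly chosen passwords, used for the dictionary check
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "abc12345"}


def search_space_bits(alphabet_size: int, length: int) -> float:
    """Bits of work to exhaust every password of exactly `length` symbols."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years an attacker needs to try the whole space at a given offline guess rate."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def is_trivially_guessable(password: str) -> bool:
    """A password on a common-password list falls on guess one, whatever the TLS key size."""
    return password in COMMON_PASSWORDS


def compare_policies(guesses_per_second: float = 1e9) -> dict:
    """Return, per policy, the search-space bits and the years to exhaust it."""
    result = {}
    for name, p in POLICIES.items():
        bits = search_space_bits(p["alphabet"], p["length"])
        result[name] = {
            "bits": bits,
            "years": years_to_exhaust(bits, guesses_per_second),
            "weaker_than_tls_key": bits < TLS_KEY_BITS,
        }
    return result


if __name__ == "__main__":
    for name, r in compare_policies().items():
        print(f"{name:36s} {r['bits']:6.1f} bits  "
              f"{r['years']:.3g} years at 1e9 guesses/s  "
              f"weaker than {TLS_KEY_BITS}-bit TLS key: {r['weaker_than_tls_key']}")
    print("123456 guessable on first try:", is_trivially_guessable("123456"))
```

The guess rate is an offline figure (an attacker working on a stolen hash store); an online login with rate limiting and lockout sees far fewer guesses per second, which is a control on the server side, not a property of the password alphabet.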