<div dir="ltr">Any website that places "limits" on your password is doing it wrong. Minimums are fine (and arguably good) but limiting total length, character set, or worst of all, words that can be included is doing it wrong. I once saw a site that said something like:<div>
<br></div><div style>The following are not allowed in usernames or passwords: ", ', =, /, *, -, SELECT, DELETE, UPDATE, INSERT, UNION...</div><div style><br></div><div style>That's right: they're looking for specific keywords to prevent SQL injection... (and I distinctly recall that *DROP* was not in their list!)</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 28, 2013 at 11:22 AM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This is just my opinion but....<br><br>When I need to use a secure login for a web site like, say, a utility company or a shopping site that stores my credit card, I like to test the security of their coding practices by trying to use a password that has a '.' and a '!' in it. When they password checker complains, I take that as a good sign their coders don't properly escape user input data and thus are probably crappy in other areas.<br>
<br>I am astounded at the number of places that still have issues (Verizon!).<span class="HOEnZb"><font color="#888888"><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i></i>
</font></span><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>David Tomaschik<br>OpenPGP: 0x5DEA789B<br><a href="http://systemoverlord.com" target="_blank">http://systemoverlord.com</a><br><a href="mailto:david@systemoverlord.com" target="_blank">david@systemoverlord.com</a>
</div>