August 28th, 2006 by Chandler Howell

I went to register for on-line access to my Amex card this morning and discovered that these are their account and password rules:

Your User ID should:

* Contain 5 to 20 characters - at least one letter (not case sensitive)
* Contain no spaces or special characters (e.g., &, >, *, $, @)

I can live with that. It’s a little irritating but I have lots of usernames that have just letters and numbers in them.

But then I get to the password rules…

Your Password should:

* Contain 6 to 8 characters - at least one letter and one number (not case sensitive)
* Contain no spaces or special characters (e.g., &, >, *, $, @)
* Be different from your User ID

I know that security practitioners love to pronounce the End of Passwords as a meaningful security measure, but I’d prefer if my (company mandated) financial institutions didn’t help things along.
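
To put a number on the password rules quoted above, this added example (not part of the original post, and not Amex code) counts how many distinct passwords the policy permits and expresses that as bits of search space. The two comparison policies are assumptions chosen for illustration, and the count ignores the "different from your User ID" rule, which removes at most one candidate per account.

```python
import math
from itertools import combinations

def policy_keyspace(classes, required, min_len, max_len):
    """Count strings whose length is in [min_len, max_len], drawn from the
    union of `classes` (class name -> number of distinct symbols), that
    contain at least one symbol from every class named in `required`.
    Uses inclusion-exclusion over the required classes."""
    alphabet = sum(classes.values())
    total = 0
    for n in range(min_len, max_len + 1):
        for k in range(len(required) + 1):
            for missing in combinations(required, k):
                reduced = alphabet - sum(classes[c] for c in missing)
                total += (-1) ** k * reduced ** n
    return total

def bits(count):
    """Size of the search space in bits (log2 of the number of candidates)."""
    return math.log2(count)

# Rules quoted in the post: 6 to 8 characters, letters and digits only,
# not case sensitive (26 letters + 10 digits), at least one of each.
POSTED = policy_keyspace({"letter": 26, "digit": 10},
                         ["letter", "digit"], 6, 8)

# Assumed comparison: identical rules, but case sensitive (52 letters).
CASE_SENSITIVE = policy_keyspace({"letter": 52, "digit": 10},
                                 ["letter", "digit"], 6, 8)

# Assumed comparison: all 95 printable ASCII characters allowed,
# same letter+digit requirement, 8 to 20 characters.
PRINTABLE_LONG = policy_keyspace({"letter": 52, "digit": 10, "other": 33},
                                 ["letter", "digit"], 8, 20)

if __name__ == "__main__":
    for name, count in [("as posted", POSTED),
                        ("case sensitive (assumed)", CASE_SENSITIVE),
                        ("printable ASCII, 8-20 (assumed)", PRINTABLE_LONG)]:
        print(f"{name:34s} {count:.3e} candidates, {bits(count):6.1f} bits")
```

These figures are upper bounds for uniformly random passwords; passwords people actually choose occupy a much smaller part of the space.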
