If interchanging caps = higher security, what excuse do banks have?

Status
Not open for further replies.
J

Jayce

Fully Optimized
Messages
3,056
Location
/home/jason
I have to ask because I found this rather odd. I noticed I mistyped my password in my online bank, and it let me in. I ended up realizing that my password is not case sensitive. I have another account with an unaffiliated bank, and sure enough at that one too my password was not case sensitive.

Has anybody else noticed anything similar? This to me screams Security 101, yet multi million dollar bank corporations aren't utilizing it?? I sure hope they at least encrypt their passwords. </lolsony>
 
Company specific, just tried my bank and it is case sensitive.

Something their management needs to know about. HUGE oversight on the part of their IT department.
 
My bank login is case sensative. Not aware that they don't do that... Can' they spend "a little" money on this?
 
Math anyone?
#of combinations for an 8 digit password (alphabet and numbers only) without caps= 2,821,109,907,456
#of combinations for an 8 digit password (alphabet and numbers only) with caps= 218,340,105,584,896

If the password was case sensitive, 8 digits long, and only contained letters and numbers, as well as caps, it would have ~ 77.4 times more combinations.

I say that case sensitive passwords are a must for just about any website, especially banks.

Edit: This is my own math, feel free to check for errors.
 
Permutation/combination calculation? Never did that in school?!
n^x where n is the number of things you have to choose from and x is the number of times you have to choose it. E.g in this case, 36 is n (26 letters of the alphabet + 10 numbers 0-9) to the power of 8 (8 digit password)
 
I'm not smart like you Aussies... :lol:

Farthest I got in math was Algebra II. And I almost failed that. I just didn't understand it.
 
I emailed Wells Fargo about it, and they're going to "get back to me with a senior security analyst to further discuss the issue at hand." Yeah, okay.

P.S. - thread move fail. It actually has nothing to do with Windows at all, and to further tack an LOL on it, I was using a Linux system.
 
Status
Not open for further replies.

Similar threads

S
Strong Security for the Paranoid. Somethings I have picked up on.
Replies
2
Views
2K
carnageX
carnageX
W
What do you think of this build? Budget of 1000-1500
Replies
3
Views
1K
PP Mguire
PP Mguire
iPwn
Tips for Wireless Security
Replies
2
Views
3K
1337G33k
1337G33k
E
Having an issue with my monitor/video out put
Replies
2
Views
1K
eeeiieeiio
E
J
Connected to internet, but can't browse web (Have Hijack this logs)
Replies
4
Views
2K
jules81
jules81
Back
Top Bottom