For most sites, I use the same, standard password. On sites that deal with financial or confidential info, I use a stronger password, but still use the same one between those. I think most people probably do this, too. It's just impossible to remember completely separate passwords for every site you use.
So when certain sites feel that they have the right to dictate the requirements for a password for their own site, I get a little annoyed. Take Authorize.Net for example (from where the screenshot above was taken) - they require 8 characters, UPPER and lowercase characters, AND a number and/or symbol. ON TOP OF THAT, they periodically REQUIRE that you change your password.
Since my shared passwords don't meet all of these requirements, I have to create a new password for sites like these, and then write them down somewhere so I don't forget all these one-site passwords. But...isn't it less secure for me to be writing these passwords down where someone can find them? (Sure, I use a computer-based password-protected password manager, but still...)
But the sites that bug me the most are the sites that require these extra secure passwords but don't actually store any of your super sensitive information. Take Donate Linq, for example. Donate Linq has special password requirements (I can never remember this password), but doesn't even store my credit card information, and as far as I can find, they don't even provide the option. The only thing they are protecting is my donation history, which I have to share with the government every year anyway.
It just bugs me to no end how certain developers think they can impose extra security measures when the responsibility lies on the user to ensure that they don't use easily crackable passwords. There are other measures developers should take, like auto-locking an account after several incorrect attempts, and other non-end user based "solutions".
Posted almost 4 years ago