cancel
Showing results for 
Search instead for 
Did you mean: 

WACKY WEDNESDAY: case insensitive passwords and bank security

tag
onstar
Established Contributor

WACKY WEDNESDAY: case insensitive passwords and bank security

Banks where online access password is cASe SEnsiTive:
Barclay
BofA
Discover

 

Banks where online access password is case insensitive:

American Express
Capital One
Chase
Citibank
TD Ameritrade

 

First, did you know that all these banks use passwords that are case insensitive? Does the password being case insensitive worry you?

 

For example:

I was aiming for all my balances to be zero, so I chose as my password R0adT0Zer0 on most of my credit card accounts. All the '0' in the password are zeroes. But for the banks where the password is case insensitive, I can type r0adt0zer0 without capitalizing some of the letters, and they will accept it and let me in.

 

At first, I was a little bit ticked and worried. But the more I think about it, the less I care given all the other security measures.

 

 

 

NOTE 1: My password shown above, R0adT0Zer0, is not my actual password. It was given as an example.

 

NOTE 2: Facebook passwords are semi case sensitive. If you reverse all the case in your password, that will work; this is to accommodate users where they accidentally have CAPS LOCK on and type their password. So if your FB password is LetMeEnter34, then you can use lETmEeNTER34 as your password. Another acceptable variant is if your first letter of the password is lower case but you use upper case for the first letter; this is to accommodate mobile users where often the first letter is automatically capitalized by your smartphone.

 

BK DC 4/9/2018
FICO 08 (4/9/2018): EQ 647 EX 609 TU 620
FICO 08 (10/16/2020): EQ 676 EX 659 TU 653
Message 1 of 21
20 REPLIES 20
Anonymous
Not applicable

Re: WACKY WEDNESDAY: case insensitive passwords and bank security

Yes.

Message 2 of 21
longtimelurker
Epic Contributor

Re: WACKY WEDNESDAY: case insensitive passwords and bank security

Not a cc, but I ran into a site yesterday (UK Passport Application) where the username was case sensitive, which caused my first login to fail (and to be warned I had two more attempts before permanent locking).    Guess the theory is that naughty terrorists dont understand case.

Message 3 of 21
Anonymous
Not applicable

Re: WACKY WEDNESDAY: case insensitive passwords and bank security

What about SmOrgasBoArD?

Message 4 of 21
Anonymous
Not applicable

Re: WACKY WEDNESDAY: case insensitive passwords and bank security

What about smorgasboard? It's misspelled! 😁
Message 5 of 21
Gunnar419
Valued Contributor

Re: WACKY WEDNESDAY: case insensitive passwords and bank security

Yes, it definitely worries me that so many banks have case insensitive passwords. I knew Amex did, but didn't know about those others.

 

It also worries me that so many companies limit the length of the password and forbid certain symbols to be used. We should have access to EVERYTHING that helps make our passwords more secure, period. In this day and age it's completely crazy to place requirements that make passwords less secure.

 

Also though, for our own part, we shouldn't be using the same password from bank to bank, but should use a different one for every login.

Message 6 of 21
longtimelurker
Epic Contributor

Re: WACKY WEDNESDAY: case insensitive passwords and bank security


@Gunnar419 wrote:

Yes, it definitely worries me that so many banks have case insensitive passwords. I knew Amex did, but didn't know about those others.

 

It also worries me that so many companies limit the length of the password and forbid certain symbols to be used. We should have access to EVERYTHING that helps make our passwords more secure, period. In this day and age it's completely crazy to place requirements that make passwords less secure.

 

Also though, for our own part, we shouldn't be using the same password from bank to bank, but should use a different one for every login.


But for those worried, passwords themselves are not really enough, should have two-factor authentication, like some European banks, where you have a RSA token or similar that changes every minute.

Message 7 of 21
Anonymous
Not applicable

Re: WACKY WEDNESDAY: case insensitive passwords and bank security

I remember system called nem-id when I was in Denmark, they send you a card with bunch of one time use passwords, and each time you log on it ask you to match the password number printed on card. It was very secured system but if you forget to take it with you on travel or lose the card, can't log on until you have the card.
Message 8 of 21
CraigHwk
Regular Contributor

Re: WACKY WEDNESDAY: case insensitive passwords and bank security

Charles Schwab is pretty bad when it comes to passwords as well.  Not only is it case insenstivie, but you can only have up to 8 characters.   Good thing they offer a phsyical token to help matters, but it's still ridiculous with security being so important.

 

USAA MC ✪ Amex BCP, SPG, Platinum ✪ Chase Sapphire Preferred, Freedom, Freedom Unlimited, Marriott Rewards, United Explorer ✪ Discover IT ✪ CapOne QS ✪ Fidelity Visa ✪ BarclaysPlatinum Rewards ✪ Citi Double Cash


Starting EX FICO (2010): 513 | Current FICO: EX 759, EQ: 773, TU: 761
Message 9 of 21
longtimelurker
Epic Contributor

Re: WACKY WEDNESDAY: case insensitive passwords and bank security


@Anonymous wrote:
I remember system called nem-id when I was in Denmark, they send you a card with bunch of one time use passwords, and each time you log on it ask you to match the password number printed on card. It was very secured system but if you forget to take it with you on travel or lose the card, can't log on until you have the card.

Yes.  Hopefully more will move towards soft tokens which are generated by an app on a smart phone, which you are more likely to have with you!

Message 10 of 21
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.