Update:
Thanks to some diligent commentators and www.howsecureismypassword.net we have learned that these passwords can be cracked in about 4 minutes by a computer.
So you have a Fidelity account you say.... ^.^
haha!
It's actually far worse than it looks. They convert all the letters to the phone-keypad equivalent number and accept that as your password. You can try this yourself - pretend you were typing your password into a phone keypad. So (a-c,A-C) becomes number "1", (d-f,D-F) becomes number "2", etc. Put that string of numbers into Fidelity.com as your password, and it works. Entropy - what's that for?
Are you serious? That's even worse than Amazon's old "we'll only check the first few characters in your password" scheme from a few years back.
BKR is absolutely right: Fidelity's password security is virtually nonexistent! They effectively allow passwords that are 12 numbers or less long. To see how insecure this is, go to www.howsecureismypassword.net and type in any 12-digit number. You will learn that it would take a desktop PC about 4 minutes to crack it. Now, just for the fun of it, type in a 12 character string something like this: 1qaz@WSX3edc, 12 letters, numbers, uppercase and lowercase letters ... 344,000 years to crack that one. But all may soon change: just heard a rumor that Fidelity will begin allowing 20-digit long passwords this May.
That website is awesome, thanks for sharing. Really puts a number on how horrendous this is. I'm going to pop this link into the post.
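Added example (not part of the post or any comment, and not Fidelity's code): a sketch of the keypad folding described in the comments, showing how different-looking passwords collapse to one digit string and how few bits are left for a 12-character password. Assumptions: the standard phone keypad layout (abc=2 ... wxyz=9; the comment above quotes different digits, but the collapse is the same for any grouping), symbols are rejected, and all sample passwords are constructed.

```python
import math
from collections import defaultdict

# Assumption: standard phone keypad grouping (abc=2 ... wxyz=9).
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}


def keypad_normalize(password):
    """Fold letters (case-insensitively) onto keypad digits; digits pass through."""
    out = []
    for ch in password:
        low = ch.lower()
        if low in LETTER_TO_DIGIT:
            out.append(LETTER_TO_DIGIT[low])
        elif ch in "0123456789":
            out.append(ch)
        else:
            # Assumption: the page does not say how symbols are handled.
            raise ValueError(f"no keypad equivalent assumed for {ch!r}")
    return "".join(out)


def group_collisions(passwords):
    """Group passwords by the digit string a keypad-folding verifier would compare."""
    groups = defaultdict(list)
    for p in passwords:
        groups[keypad_normalize(p)].append(p)
    return dict(groups)


def preimages(digits):
    """Count mixed-case letter/digit passwords that fold to this digit string."""
    total = 1
    for d in digits:
        total *= 1 + 2 * len(KEYPAD.get(d, ""))  # the digit itself + both cases
    return total


def entropy_bits(alphabet_size, length):
    """Upper bound on entropy for a uniformly random string."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    samples = ["SEaRfT12", "pdbsdv12", "73273812"]  # constructed samples
    print(group_collisions(samples))
    print(f"12 chars, a-zA-Z0-9:   {entropy_bits(62, 12):.1f} bits")
    print(f"12 chars after folding: {entropy_bits(10, 12):.1f} bits")
```

A verifier that compares the folded form has at most the 10^12 distinct 12-digit values to distinguish, whatever the user actually typed.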