This is a static archive of, as it looked from September 2012 to May 2014.

Posted on Apr 14, 2014

Comparing Bank Password Requirements

The recent Heartbleed OpenSSL vulnerability prompted another healthy round of resetting my passwords all over the web.

I already have a good understanding and high regard for password security thanks to Steve Gibson‘s Security Now podcast and Password Haystacks service.

This time around, I have noticed more sites are permitting longer passwords, which is great. There is one category, however, that still lags behind; and that’s banking.

Several of my financial institutions permit a maximum of only 12 to 15 characters. I continue to ask them to accept longer and more complex passwords, to no avail.

Perhaps it’s time for me to choose financial institutions that have a greater emphasis on security than low interest rates or cash-back rewards.

I have started to create a spreadsheet that compares the minimum and maximum password requirements for some of the larger banking institutions in the US. It’s a public Google Docs Spreadsheet. I invite anyone you to help contribute or edit:

Comparing Bank Password Requirements

It is frustrating that the password that I use to protect my Netflix account is many times more secure than the passwords I’m permitted to use to protect my financial assets. I can use a 32-character password to protect content that isn’t even mine, but can’t do the same for my own money.

Please help me find a bank that cares about security. Any contributions to the Comparing Bank Password Requirements would be appreciated.

Comments are closed.