Monday, October 6, 2008

AMEX = FAIL


Saw this today while resetting a password...awesome.



Also looks like I'm not the only one having the problem.
http://lastinfirstout.blogspot.com/2008/10/trivial-account-reset-on-american.html
CG

9 comments:

Anonymous said...

Sounds like a good ol' mainframe character limit

hogg said...

This comment has been removed by the author.

hogg said...

I ran into this too a few months ago: here.

Anonymous said...

Once again...this would not be a security issue, until you h@x0rs made a big deal out of it...
We make people super-duper promise not to be bad on our site...
What else can we do?

Szaf said...

We have something very similar where I work with a time-writing app. It won't let you have a long password, and you have to use alphanumeric only. Great system.

Anonymous said...

no more than 8 chars and NO SPECIAL chars... that drops the possible keyspace down to about a 10 minute dictionary attack ;) woohoo!

Rob Stevens said...

It's pretty crazy how often you run into this. I've even seen it on things like domain registration and control, although I haven't run into it on any sites like this one where it's something like your finances that are at risk.

Morgan Storey said...

one of the reasons I no longer have an Amex.

grey_area said...

By the way... almost a year later and this still hasn't changed.