Agile Bits on passwords and security theater


Many banking and financial sites implement restrictions on password length, require certain special characters to be present, and put in place various 'security theatre' measures on their websites that do little for increasing user security, while ultimately making it more difficult for users to rely on password managers to fill their complex passwords in on the site.

1Password folks seem to like their sentences like their passwords -- long and complex. With that said, I couldn't agree more. Weird password rules are one of my big pet peeves, especially when they actually make password security worse.

Anyway, this is in a blog post admonishing the bank TD Canada Trust for their new iOS app, which restricts the ability to cut/paste passwords. It looks like the bank is revisiting this decision and will be more friendly to password managers in the near future, which is great news.

Interestingly, OS X does the same thing with secure disk images. You can't cut/paste passwords, which is a bummer. The good news, though, is that Agile Bits' Knox not only makes that possible but also makes managing secure disk images a little easier.