
Option For Shorter Passwords


  • This topic is locked
16 replies to this topic

#11
HeyYou

    Resident poster

  • Supporter
  • 10,111 posts

Yeah, I see your point. My bank doesn't even have that level of security. :D

I highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.

However if it is true then I'd move to a bank that treats your data with respect and secures it.

 

I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get.

 

Then go to a better bank that protects you and your assets

Eight character passwords are a holdover from legacy systems, like IBM mainframes.  IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors.  Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.

This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarrassing to read, to be honest.

Please enlighten me on how a longer password is any more secure. (Hint: It's not.)



#12
OldSaltyCroc

    Regular

  • Members
  • 53 posts

Yeah, I see your point. My bank doesn't even have that level of security. :D

I highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.

However if it is true then I'd move to a bank that treats your data with respect and secures it.

 

I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get.

 

 

Eight character passwords are a holdover from legacy systems, like IBM mainframes.  IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors.  Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.

This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarrassing to read, to be honest.

Read more carefully, I did not say anyone was logging onto a mainframe.  I said that some banks used the security processors on the mainframe, " ... they use the IBM Mainframe password processors". 

 

 

From IBM Security Server RACF Security Administrator's Guide

When a user logs on to a z/OS® system, the user must supply an authentication factor to identify the user. In RACF®, that authenticator can be either a password or a password phrase. A password is a traditional one to eight character alphanumeric value. A password phrase is a character string that consists of mixed-case letters, numbers, and special characters including blanks. Password phrases have security advantages over passwords as they are long enough to withstand most hacking attempts and are unlikely to be written down because they are easy to remember.


I hope this helps clear up your misunderstanding. 



#13
1ae0bfb8

    I don't suffer fools

  • Supporter
  • 3,063 posts

Yeah, I see your point. My bank doesn't even have that level of security. :D

I highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.

However if it is true then I'd move to a bank that treats your data with respect and secures it.

 

I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get.

 

Then go to a better bank that protects you and your assets


Eight character passwords are a holdover from legacy systems, like IBM mainframes.  IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors.  Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.

This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarrassing to read, to be honest.

Please enlighten me on how a longer password is any more secure. (Hint: It's not.)

go read up on it and educate yourself

Read more carefully, I did not say anyone was logging onto a mainframe.  I said that some banks used the security processors on the mainframe, " ... they use the IBM Mainframe password processors". 

 

 

From IBM Security Server RACF Security Administrator's Guide

When a user logs on to a z/OS® system, the user must supply an authentication factor to identify the user. In RACF®, that authenticator can be either a password or a password phrase. A password is a traditional one to eight character alphanumeric value. A password phrase is a character string that consists of mixed-case letters, numbers, and special characters including blanks. Password phrases have security advantages over passwords as they are long enough to withstand most hacking attempts and are unlikely to be written down because they are easy to remember.

I hope this helps clear up your misunderstanding. 

 

I have no misunderstanding. z/OS is fully compliant with two phase connect and pass phrases and has been for years. RACF is one security product, Top Secret is another, ACF2 is a third. There are other solutions from other vendors that can enhance the system in a myriad of wonderful ways.

Then there's the integrated hardware encryption facility which is at least 20 years old ...and the latest hardware encryption of datasets and files. I could go on....

When you logon to your internet banking you're not logging on to a mainframe at all. In fact you're probably about 5 levels away from the back end, protected by all kinds of firewalls and messaging protocols, and the fact that some service requires an 8 character password is nothing - absolutely nothing to do with the z/OS server providing the data.

@heyyou - you can find the answer to your question on the internet. Take a look, it's a great place full of information. Educate yourself.



#14
Arthmoor

    Destroyer of Bugs

  • Premium Member
  • 20,493 posts

Then go to a better bank that protects you and your assets

We don't all have the luxury of being able to just switch banks on a whim.



#15
OldSaltyCroc

    Regular

  • Members
  • 53 posts

Yeah, I see your point. My bank doesn't even have that level of security. :D

I highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.

However if it is true then I'd move to a bank that treats your data with respect and secures it.

 

I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get.

 

 

Eight character passwords are a holdover from legacy systems, like IBM mainframes.  IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors.  Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.

This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarrassing to read, to be honest.

Read more carefully, I did not say anyone was logging onto a mainframe.  I said that some banks used the security processors on the mainframe, " ... they use the IBM Mainframe password processors". 

 

 

From IBM Security Server RACF Security Administrator's Guide

When a user logs on to a z/OS® system, the user must supply an authentication factor to identify the user. In RACF®, that authenticator can be either a password or a password phrase. A password is a traditional one to eight character alphanumeric value. A password phrase is a character string that consists of mixed-case letters, numbers, and special characters including blanks. Password phrases have security advantages over passwords as they are long enough to withstand most hacking attempts and are unlikely to be written down because they are easy to remember.

I hope this helps clear up your misunderstanding. 

 

I have no misunderstanding. z/OS is fully compliant with two phase connect and pass phrases and has been for years. RACF is one security product, Top Secret is another, ACF2 is a third. There are other solutions from other vendors that can enhance the system in a myriad of wonderful ways.

Then there's the integrated hardware encryption facility which is at least 20 years old ...and the latest hardware encryption of datasets and files. I could go on....

When you logon to your internet banking you're not logging on to a mainframe at all. In fact you're probably about 5 levels away from the back end, protected by all kinds of firewalls and messaging protocols, and the fact that some service requires an 8 character password is nothing - absolutely nothing to do with the z/OS server providing the data.

First, using IBM password services is not the same as logging onto the mainframe.  This is the second time I have had to reiterate this distinction.  Until you comprehend that distinction, you will continue to lack understanding.

 

Second, compliant is not the same as implemented.  The implementation of passphrase is a choice, and not dictated, regardless of security product.  Many sites have elected to not implement Passphrase because of the impact the longer passphrase has on things like TSO, CICS and third party product logon screens and automated processes dependent on the RACF password services. 



#16
gnarly1

    My mind sedate

  • Members
  • 572 posts

Please enlighten me on how a longer password is any more secure. (Hint: It's not.)

This is delusional.  (Hint: it's easily verified as bogus by typing a suitable search query into a highly underutilised search engine called 'Google').

 

I recommend you get acquainted with it so you can prevent yourself from propagating BS on the internet.



#17
Pickysaurus

    Community Manager

  • Admin
  • 14,520 posts

This whole thread is starting to get a bit unpleasant. 

 

We're aware some users do not like the stricter/longer password requirements, however, we believe this is the best fit for the site. If you have trouble remembering long passwords, I recommend a password manager such as LastPass.





