HeyYou Posted February 23, 2021 Share Posted February 23, 2021 Yeah, I see your point. My bank doesn't even have that level of security. :DI highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.However if it is true then I'd move to a bank that treats your data with respect and secures it. I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get. Then go to a better bank that protects you and your assets Yeah, I see your point. My bank doesn't even have that level of security. :DI highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.However if it is true then I'd move to a bank that treats your data with respect and secures it. I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get. Eight character passwords are a holdover from legacy systems, like IBM mainframes. IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors. Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarassing to read, to be honest. Please enlighten me on how a longer password is any more secure. (Hint: Its not.) Link to comment Share on other sites More sharing options...
Deleted92948618User Posted February 23, 2021 Share Posted February 23, 2021 Yeah, I see your point. My bank doesn't even have that level of security. :DI highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.However if it is true then I'd move to a bank that treats your data with respect and secures it. I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get. Eight character passwords are a holdover from legacy systems, like IBM mainframes. IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors. Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarassing to read, to be honest. Read more carefully, I did not say anyone was logging onto a mainframe. I said that some banks used the security processors on the mainframe, " ... they use the IBM Mainframe password processors". From IBM Security Server RACF Security Administrator's Guide When a user logs on to a z/OS® system, the user must supply an authentication factor to identify the user. In RACF®, that authenticator can be either a password or a password phrase. A password is a traditional one to eight character alphanumeric value. A password phrase is a character string that consists of mixed-case letters, numbers, and special characters including blanks. Password phrases have security advantages over passwords as they are long enough to withstand most hacking attempts and are unlikely to be written down because they are easy to remember. I hope this helps clear up your misunderstanding. Link to comment Share on other sites More sharing options...
Guest deleted34304850 Posted February 23, 2021 Share Posted February 23, 2021 Yeah, I see your point. My bank doesn't even have that level of security. :DI highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.However if it is true then I'd move to a bank that treats your data with respect and secures it. I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get. Then go to a better bank that protects you and your assets Yeah, I see your point. My bank doesn't even have that level of security. :DI highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.However if it is true then I'd move to a bank that treats your data with respect and secures it. I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get. Eight character passwords are a holdover from legacy systems, like IBM mainframes. IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors. Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarassing to read, to be honest. Please enlighten me on how a longer password is any more secure. (Hint: Its not.) go read up on it and educate yourself Yeah, I see your point. My bank doesn't even have that level of security. :DI highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.However if it is true then I'd move to a bank that treats your data with respect and secures it. I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get. Eight character passwords are a holdover from legacy systems, like IBM mainframes. IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors. Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarassing to read, to be honest. Read more carefully, I did not say anyone was logging onto a mainframe. I said that some banks used the security processors on the mainframe, " ... they use the IBM Mainframe password processors". From IBM Security Server RACF Security Administrator's Guide When a user logs on to a z/OS® system, the user must supply an authentication factor to identify the user. In RACF®, that authenticator can be either a password or a password phrase. A password is a traditional one to eight character alphanumeric value. A password phrase is a character string that consists of mixed-case letters, numbers, and special characters including blanks. Password phrases have security advantages over passwords as they are long enough to withstand most hacking attempts and are unlikely to be written down because they are easy to remember.I hope this helps clear up your misunderstanding. I have no misunderstanding. z/OS is fully compliant with two phase connect and pass phrases and has been for years. RACF is one security product, Top Secret is another ACF2 is a third. There are other solutions from other vendors that can enhance the system in a myriad of wonderful ways. Then there's the integrated hardware encryption facility which is at least 20 years old ...and the latest hardware encyption of datasets and files i could go on.... when you logon to your internet banking you're not logging on to a mainframe at all in fact you're probably about 5 levels away from the back end protected by all kinds of firewalls and messaging protocols and the fact that some service requires an 8 character password is nothing - absolutely nothing to do with the z/os server providing the data. @heyyou - you can find the answer to your question on the internet. take a look its a great place full of information. educate yourself. Link to comment Share on other sites More sharing options...
Arthmoor Posted February 23, 2021 Share Posted February 23, 2021 Then go to a better bank that protects you and your assetsWe don't all have the luxury of being able to just switch banks on a whim. Link to comment Share on other sites More sharing options...
Deleted92948618User Posted February 23, 2021 Share Posted February 23, 2021 Yeah, I see your point. My bank doesn't even have that level of security. :DI highly doubt that is true. Finance Services is a highly regulated industry and there are stringent requirements around customer data including passwords.However if it is true then I'd move to a bank that treats your data with respect and secures it. I think you'd be surprised how many banking sites only let you use up to 8 chars in the password. Without even the possibility of using a longer one. It's kind of hard to find a workable banking option that also has proper levels of security, so very often we just take what we can get. Eight character passwords are a holdover from legacy systems, like IBM mainframes. IBM mainframe had a MAX limit of eight character passwords for decades, and in as much as many banking systems are backed on IBM Mainframes, they use the IBM Mainframe password processors. Quite a few IBM mainframe customers have not converted to the PassPhrase technology which supports passwords/phrases up to 100 characters.This is incorrect. When you logon to your bank, you are not logging on to a mainframe. Go and read up on the latest (i.e. in the last decade at least) security requirements for mainframe systems. You're trying to conflate something from 20-odd years ago into the current day and age for some reason and it's embarassing to read, to be honest. Read more carefully, I did not say anyone was logging onto a mainframe. I said that some banks used the security processors on the mainframe, " ... they use the IBM Mainframe password processors". From IBM Security Server RACF Security Administrator's Guide When a user logs on to a z/OS® system, the user must supply an authentication factor to identify the user. In RACF®, that authenticator can be either a password or a password phrase. A password is a traditional one to eight character alphanumeric value. A password phrase is a character string that consists of mixed-case letters, numbers, and special characters including blanks. Password phrases have security advantages over passwords as they are long enough to withstand most hacking attempts and are unlikely to be written down because they are easy to remember.I hope this helps clear up your misunderstanding. I have no misunderstanding. z/OS is fully compliant with two phase connect and pass phrases and has been for years. RACF is one security product, Top Secret is another ACF2 is a third. There are other solutions from other vendors that can enhance the system in a myriad of wonderful ways. Then there's the integrated hardware encryption facility which is at least 20 years old ...and the latest hardware encyption of datasets and files i could go on.... when you logon to your internet banking you're not logging on to a mainframe at all in fact you're probably about 5 levels away from the back end protected by all kinds of firewalls and messaging protocols and the fact that some service requires an 8 character password is nothing - absolutely nothing to do with the z/os server providing the data. First, using IBM password services is not the same as logging onto the mainframe. This is the second time I have had to reiterate this distinction. Until you comprehend that distinction, you will continue to lack understanding. Second, compliant is not the same as implemented. The implementation of passphrase is a choice, and not dictated, regardless of security product. Many sites have elected to not implement Passphrase because of the impact the longer passphrase has on things like TSO, CICS and third party product logon screens and automated processes dependent on the RACF password services. Link to comment Share on other sites More sharing options...
gnarly1 Posted February 24, 2021 Share Posted February 24, 2021 Please enlighten me on how a longer password is any more secure. (Hint: Its not.)This is delusional. (Hint: it's easily verified as bogus by typing a suitable search query into a highly underutilised search engine called 'Google'). I recommend you get acquainted with it so you can prevent yourself from propagating BS on the internet. Link to comment Share on other sites More sharing options...
Pickysaurus Posted February 24, 2021 Share Posted February 24, 2021 This whole thread is starting to get a bit unpleasant. We're aware some users do not like the stricter/longer password requirements, however, we believe this is best fit for the site. If you have trouble remembering long password, I recommended a password manager such as LastPass. Link to comment Share on other sites More sharing options...
Recommended Posts