undefined | Better HN

0 pointsmoviuro6y ago0 comments

That's not true about Paypal though: "Use lower case, upper case, a number, and a special character [like ~!@#$%^&*()_+=?><.,/]." [0]

And even if the character subset is quite small (26 lower case, 26 upper case, 10 digits), it's still good enough if it's completely random and never leaked once. Just max out the password length (start at 32 char) and back track from there.

[0] https://www.paypal.com/us/smarthelp/article/Tips-for-creatin...

0 comments

3 comments · 2 top-level

0xffff26y ago· 1 in thread

I find this to be a recurring theme when banking security comes up. Every time I've ever been in a position to check, the specific claims made by HN comments about lackluster bank security practices have not been true. I assume they must have been true at one point, but commenters don't check that they are still true before commenting.

vxNsr6y ago

It was true in 2016 when I created my account. it was also true about BoA, they allowed a limited char-set.

vxNsr6y ago

That doc isn't dated, but it was true as recently as three years ago.

j / k navigate · click thread line to collapse