Why is it most sites, especially those that have good reason to require a secure password don’t allow symbols?
There are a lovely set of characters on the number keys and a couple of other places. But financial institutions don’t allow them. At least not the 3-4 I’ve dealt with.
I’ll admit, I’m not a security hack. I know that some programmers allow certain characters to not be escaped correctly and it causes issues with URLs and SQL. But is it really insecure to allow a backquote or @? Or is it that companies are afraid of the lower common denominator of software engineer will allow known back doors to be opened by use of certain unescaped symbols.
This is a frustration. Or maybe I just need to read more about security to find out in 4-10 characters ( a-Z, A-Z, 0-9) we can create secure passwords. Why can’t I type the password I prefer? Why can’t I have longer pass phrases like I can with an SSH key?
OK, I’m done bitching for now.
