Special characters make passwords stronger but they are not allowed for WashingtonPost.com accounts.
I am always amazed at the casual attitude many display about security on the Internet. Consumers provide their email addresses to online merchants and then wonder why they get spam. People share their contact addresses with social marketing vendors without regard for the consequences.
And today, I discovered that the Washington Post isn’t following the most basic guidelines for secure passwords. When I updated my account today, I included special characters in my password, which makes them harder to crack. But here’s the error message I got:
Yes, special characters are not allowed for your WashingtonPost.com account. Lovely.
I’m sure that many people will think that this is no big deal. But what if you use the same username and password for your WashingtonPost.com account and for your bank account? Here is a small list of organizations that specifically recommend using special characters in passwords.
- U.S. Computer Emergency Readiness Team (US-CERT)
- National Institute of Standards and Technology (NIST)
- And even a Washington Post Article
I think, unfortunately, that it’s going to take a massive security breach by a well known online retailer before users and businesses change their bad security habits.