I have had it with web sites that won’t let me put really secure passwords on my accounts. What do I mean by that? I mean sites that won’t allow anything other than letters and numbers in a password. WTF? I have a whole keyboard full of lovely glyphs to choose from; why limit me to 52 letters (upper and lower, assuming the developers are smart enough to know the difference) and ten digits?
By placing non-alphanumeric characters in a password, I am making it much harder to guess or crack. Yet there is a corps of web developers out there who force me to choose less secure passwords, because they won’t let me put punctuation in them. Why they do this, I can’t say. There is not a single compelling reason to exclude punctuation from passwords. Not one. I challenge any of you to give me a good reason for this restriction. In fact, it’s more work for the developers to check for these “offending” characters and scold the user for daring to use them! I’ve been stewing about this for a while, but this morning when I tried to setup an account at podiobooks.com and was told my password was not good enough for them, it sent me over the edge.
So, tech managers, here are your marching orders: Look at your site(s). If you have a restriction on what characters can go in a password, figure out which of your developers wrote that code, and fire them. Then, have someone else rewrite that bit of code the right way.