The recent Heartbleed OpenSSL vulnerability prompted another healthy round of resetting my passwords all over the web.
I already have a good understanding of and high regard for password security thanks to Steve Gibson’s Security Now podcast and Password Haystacks service.
This time around, I have noticed more sites are permitting longer passwords, which is great. There is one category, however, that still lags behind, and that’s banking.
Several of my financial institutions permit a maximum of only 12 to 15 characters. I continue to ask them to accept longer and more complex passwords, to no avail.
Perhaps it’s time for me to choose financial institutions that have a greater emphasis on security than low interest rates or cash-back rewards.
I have started to create a spreadsheet that compares the minimum and maximum password requirements for some of the larger banking institutions in the US. It’s a public Google Docs Spreadsheet. I invite anyone to help contribute or edit:
Comparing Bank Password Requirements
It is frustrating that the password that I use to protect my Netflix account is many times more secure than the passwords I’m permitted to use to protect my financial assets. I can use a 32-character password to protect content that isn’t even mine, but can’t do the same for my own money.
Please help me find a bank that cares about security. Any contributions to the Comparing Bank Password Requirements spreadsheet would be appreciated.