just a small rant about sites, especially financial ones, enforcing silly rules for usernames and passwords that vary wildly from one site to the next.
some require special characters in passwords, some can't handle them! is my letters and numbers-only password really secure enough to protect my money?
i had a standard 6-character username, which in the past couple years became insufficient for banks. several financial sites required 8-character usernames.
great, now i have to remember which sites are the username exceptions, along with whatever peculiarities the password rules may have.
this week, i made logins for two more sites where i have some investments. one required a 10-character username, but couldn't handle special characters in the password. what security purpose is served with unwieldy usernames? and what kinds of backends do these sites have that the policy is to exclude special chars? injection-prone php servers? doesn't inspire a lot of confidence.