{"id":2773,"date":"2017-12-05T23:59:46","date_gmt":"2017-12-05T18:29:46","guid":{"rendered":"https:\/\/www.suramya.com\/blog\/?p=2773"},"modified":"2017-12-06T09:32:11","modified_gmt":"2017-12-06T04:02:11","slug":"dominos-pizza-online-has-stronger-password-requirements-than-citibank-india-online","status":"publish","type":"post","link":"https:\/\/www.suramya.com\/blog\/2017\/12\/dominos-pizza-online-has-stronger-password-requirements-than-citibank-india-online\/","title":{"rendered":"Dominos Pizza online has stronger password requirements than Citibank India Online"},"content":{"rendered":"<p>Today I decided to change my IPIN (Internet Pin) on Citibank as I haven&#8217;t changed it in a while and it&#8217;s a good idea to change it on a regular basis. So I logged in to my account and clicked on the password reset link and I got the following text:<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/Citi_passwordGuidelines.png\" alt=\"\" width=\"494\" height=\"377\" class=\"alignnone size-full wp-image-2775\" srcset=\"https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/Citi_passwordGuidelines.png 494w, https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/Citi_passwordGuidelines-300x229.png 300w\" sizes=\"auto, (max-width: 494px) 100vw, 494px\" \/><\/center><\/p>\n<p>The first item there is fairly standard but what really surprised me were items #3, 4 &#038; 6. What do you mean I can&#8217;t have any special characters in my password? Why can&#8217;t I have a password longer than 16 characters when the NIST password guidelines recommend that you allow a password of up to 64 chars in length?<\/p>\n<p>In contrast, the Dominos Pizza online portal has stronger security and requires you to have upper case, lower case, a numeric character and a special character in the password, 
making it a lot more secure and harder to crack than the Citibank password.<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/PizzaHut_passwordGuidelines.png\" alt=\"\" width=\"800\" height=\"395\" class=\"alignnone size-full wp-image-2776\" srcset=\"https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/PizzaHut_passwordGuidelines.png 800w, https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/PizzaHut_passwordGuidelines-300x148.png 300w, https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/PizzaHut_passwordGuidelines-768x379.png 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/center><\/p>\n<p>This is not all. The best part is yet to come. I use a password manager and my generated password was 22 characters long this time, so I pasted it into the form and the system accepted the password change. Now, since I am a paranoid person, I decided to check if the password changed successfully by logging in with the new password. Imagine my surprise when an error message popped up on screen when I tried to log in telling me that my password can&#8217;t be longer than 16 chars. I was confused since the password change form took my 22 char password without trouble, so I tried logging in with the old password and that obviously didn&#8217;t work. Finally I tried removing the extra 6 characters from my password and was able to log in. 
<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/Citi_passwordLogin.png\" alt=\"\" width=\"405\" height=\"117\" class=\"alignnone size-full wp-image-2778\" srcset=\"https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/Citi_passwordLogin.png 405w, https:\/\/www.suramya.com\/blog\/wp-content\/uploads\/2017\/12\/Citi_passwordLogin-300x87.png 300w\" sizes=\"auto, (max-width: 405px) 100vw, 405px\" \/><\/center><\/p>\n<p>Basically the stupid system truncated my password to 16 and then saved it instead of warning me that my password was too long when I was changing the password, which would have been the logical thing to do. <\/p>\n<p>Citibank needs to update its system to follow the NIST rules and start allowing people to choose more secure passwords.  <\/p>\n<p>Well this is all for now, will write more later.<\/p>\n<p>&#8211; Suramya<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today I decided to change my IPIN (Internet Pin) on Citibank as I haven&#8217;t changed it in a while and it&#8217;s a good idea to change it on a regular basis. 
So I logged in to my account and clicked on the password reset link and I got the following text: The first item there [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"","footnotes":""},"categories":[6,4,2],"tags":[],"class_list":["post-2773","post","type-post","status-publish","format-standard","hentry","category-computer-related","category-my-thoughts","category-techie-stuff"],"_links":{"self":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/posts\/2773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/comments?post=2773"}],"version-history":[{"count":3,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/posts\/2773\/revisions"}],"predecessor-version":[{"id":2779,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/posts\/2773\/revisions\/2779"}],"wp:attachment":[{"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/media?parent=2773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/categories?post=2773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.suramya.com\/blog\/wp-json\/wp\/v2\/tags?post=2773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}