Only letters & numbers? Why not punctuation & special characters?
Twitter suffered yet another security PR nightmare when a hacker gained access to their most vital internal functions, including even the ability to sell the domain name “twitter.com” itself. The problem began when a trusted Twitter employee posted ultra-sensitive documents on Google Docs … all guarded by a weak password.
This wouldn’t exactly be a perfect time to announce a free 1GB online file storage service. But hey, you can’t let someone else’s PR nightmare interfere with your own well-laid plans. Antivirus firm F-Secure recently announced their purchase of “Steekr” and they invited the world to take advantage of secure free online document storage.
A mature antivirus firm would certainly understand the need for strong password entropy. Yet Steekr’s security is weak — they only accept letters and numbers in passwords.
Now to be perfectly fair, Steekr’s entropy value might not improve all that much if/when they upgrade users’ passwords to allow ampersands & asterisks & parens & semicolons. Still, when a user devises a truly strong password—
—you shouldn’t tell that user to downgrade it.
This explains why I just don’t feel confident using F-Secure’s online file storage for the spreadsheets I can’t show to the IRS and the computer virus source code I write for Al Qaeda and the email love letters I get from each of my concubines…
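To put numbers on the entropy point above, here is an added example (not from the original post, and not Steekr's or F-Secure's code) comparing a letters-and-numbers alphabet with full printable ASCII. It assumes every character is chosen uniformly at random; the two policy functions and the sample password are constructed for illustration.

```python
import math
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols: letters and numbers only
FULL = ALNUM + string.punctuation              # 94 symbols: adds & * ( ) ; and the rest

# Constructed sample, not a real credential. Treated as 16 random draws from FULL.
SAMPLE = "k7&Tq(9;zR*2m)Wd"

def bits_per_char(alphabet: str) -> float:
    """Entropy of one character drawn uniformly at random from the alphabet."""
    return math.log2(len(set(alphabet)))

def random_password_bits(length: int, alphabet: str) -> float:
    """Entropy of a password whose characters are all uniformly random."""
    return length * bits_per_char(alphabet)

def length_for_bits(target_bits: float, alphabet: str) -> int:
    """Shortest random password over the alphabet that reaches target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))

def alnum_only_policy_accepts(password: str) -> bool:
    """Hypothetical stand-in for a letters-and-numbers-only rule."""
    return len(password) > 0 and all(c in ALNUM for c in password)

def permissive_policy_accepts(password: str, min_length: int = 12) -> bool:
    """Hypothetical alternative: enforce length, accept any printable ASCII."""
    return len(password) >= min_length and all(c in FULL or c == " " for c in password)

if __name__ == "__main__":
    print(f"bits/char  alnum={bits_per_char(ALNUM):.2f}  full={bits_per_char(FULL):.2f}")
    for n in (8, 12, 16):
        a, f = random_password_bits(n, ALNUM), random_password_bits(n, FULL)
        print(f"length {n:2d}: alnum={a:6.1f} bits  full={f:6.1f} bits  gain={f - a:4.1f}")
    # How long must an alphanumeric password be to match 16 full-ASCII characters?
    match = length_for_bits(random_password_bits(len(SAMPLE), FULL), ALNUM)
    print(f"alnum length matching {len(SAMPLE)} full-ASCII chars: {match}")
    # The policy difference: the same password is rejected by one rule, accepted by the other.
    print("alnum-only accepts sample:", alnum_only_policy_accepts(SAMPLE))
    print("permissive accepts sample:", permissive_policy_accepts(SAMPLE))
```

The gain from punctuation is about 0.6 bits per character, so two extra alphanumeric characters cover a 16-character password. The cost of the restriction is that a user who already has a strong password with symbols is rejected and has to rewrite it.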