Delta recently revamped their website, Delta.com. For those of us who fly a lot on Delta, it’s a useful place to be, but not when they make arbitrary demands that decrease our security.
This is the password change screen for their new website update. It requires a password between 6-20 characters, with no special characters, at least one upper and lowercase letter, and at least one number.
This is stupid.
I have a very secure set of passwords. None of them fit into this category; they don’t even come close. Therefore, I can’t do an easily modifiable base password to fit this arbitrary set of rules. Therefore, I’m probably not going to remember the password. Therefore I can either write it down (that’s secure!) or just realize that every time I try and use Delta.com, I’ll be having to reset my password.
Delta, I’m a bit disappointed in you. Let’s try and stay up with the times, ok? Let’s also realize that if you make enough arbitrary requirements on passwords, your users are going to be annoyed, thus less likely to recommend your website. Off to travelocity they go, in that case.