But that’s not the case on the website of insurance company Direct Line if you try to create an account.
They don’t want you to use anything other than ‘a’..’z’, ‘A’..’Z’, ‘0’..’9′. Furthermore, it’s tough luck if you want your password to be more than 10 characters.
That doesn’t sound like good security practice to me. That sounds like Direct Line’s programmers are either lazy or don’t know what they’re playing at.
Direct Line is far from the only company which is guilty of putting such daft restrictions on its customers. But that’s no excuse.
Hat-tip: Thanks to @LargeGrowlyBear for pointing out Direct Line’s lousy password requirements to me.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.