London Midland on Password lengths

A few weeks ago I wrote to London Midland, a rail company in England, on why when signing up for an account on their website, your password must be between 6 and 8 characters long. Today I got a reply:

Thank you for contacting London Midland Web Support.

This is a security measure put in place by London Midland.

By putting a limit on the amount of characters this makes the password recollection easier for the customer.

I’m glad London Midland’s security experts have told me about this fundamental of password security. From now on, passwords on Qrait must be between 2 and 4 characters long to ensure they are easy for users to remember. I’ve chosen a slightly shorter length than them, because then passwords will be even easier to remember. Also, Qrait doesn’t store credit card details, and the London Midland website does.

This entry was posted in Blog. Bookmark the permalink.
  • Pingback: Who cares about password security? NatWest don’t | Jalada()

  • There’s no way I could remember that. I have a mnenomic password generator (it’s not as complex as 1Password, but I can do it in my head: it gives slightly different results for each site), and it produces passwords far in excess of eight characters. Why would London Midland think I’d want a special deviation from that rule just for them? (It also includes various punctuation symbols, including spaces.)