Prudential PIN must be exactly 8 Characters
Comments
-
Prudential, unbelievably, requires an ID + 8 character PIN + OTP from the phone.
"Important:
- The PIN you choose should be unique to you and easy to recall.
- Do not reveal or share your PIN with anyone.
- The PIN you choose must be easy to recall.
- Change your PIN immediately if you suspect that it has been exposed to others or you suspect unauthorised access.
- The PIN you choose must be exactly 8 characters.
- The PIN you choose should comprise of uppercase and lowercase alphanumerics.
- No staff of Prudential should ever ask you for your PIN.
- The PIN you choose must not be your current PIN or have been used in the last 5 PIN changes.
- The PIN you choose must not be the same as/or the reverse of your NRIC / Passport number."
-
Hey @wkleem,
I hope you don't mind, I split your comment out into its own thread from the previous thread as it was on a different topic.
"The PIN you choose must be exactly 8 characters."
I really hope common sense security practices will be taken on by these financial institutions. Eight characters for a password is truly ridiculous. Things like this have to be brought to their attention. Hopefully they will hear their more security-conscious customers.
Best regards,
Matthew
-
Thanks for the reply. Was hoping that 1Password could somehow work around the limitation but it doesn't appear possible. They must think that adding OTP to a poor solution actually improves security?
-
As best I can tell, one-time passwords best help those that have a tendency to re-use passwords or pick ones that aren't considered strong by password cracking standards. So even in this instance it probably can't hurt. The frustrating part is any weakness in the password entropy is purely on their questionable password requirements.
We won't let you pick a really strong password, have TOTP instead :smile:
Sigh.