Another site with odd password policies, redbox.com. Requiring a minimum password length is a good idea, though you could argue that six is too small. But why limit the maximum password length to 12 characters? Any site that has a maximum password restriction below 50 characters has me wondering how exactly they are managing password storage and security.
4 replies on “Strange Redbox Password Policy”
Joseph
I just sent an email to Scott at Redbox (their API lead) to have him look at your post and address this as it will certainly be a growing concern for the tech community.
Thanks for being on top of these things!
Would be great to see them fix this.
Good catch! I’ve had services tell me storage is an issue here before which sends me running as, well, that’s what hashes are for….
Totally agree. Redbox is the one password that I’m constantly forgetting. Having such a limited number of characters available makes it a challenge not only to use my typical password algorithm, but it also makes it more likely to be hacked. Boo!