Tattersall's gamble with password security
by David M Williams   
Wednesday, 24 June 2009
In this modern day, online security is of paramount concern. It comes as a surprise, then, that Tattersall's Sweeps, a prominent Australian gaming company that administers weekly lotto, pools and other gambling products, makes no distinction between upper- and lower-case in passwords.

While using the Tattersall’s online site, Jeff Wharton, Solutions Architect for WARDY IT Solutions, discovered he was able to log in successfully whether he entered his password with capital letters or not.

Wharton had believed his password contained a mixture of lower- and upper-case letters as well as numbers. He had assigned this password himself and had always used it when logging in, but it turned out the Tattersall’s web site actually disregarded case. His judicious use of the shift key was all in vain.

To illustrate, this means the Tattersall’s site effectively treats a password like “iTWire77” the same as “ITWIRE77” or “itwire77” or “iTwIrE77” or any other case combination.

Wharton realised this weakened the security of his account and expressed his concern to the company. Specifically, he pointed out that the online facility permits funds to be withdrawn from credit cards and bank accounts and transferred to other credit cards and bank accounts and he expected top-class protection of his financial information.

A Tattersall's Incidents and Complaints Officer responded to Wharton saying,

Tattersall’s treats the privacy and security of all our players’ with the utmost importance. We apply and maintain stringent security standards to protect data that we hold on behalf of our players. In keeping with this, Tatt’s Online password requirements are enforced as follows:-

‘Your Password must be between 8 and 12 characters long, and contain a letter and a number. Passwords should not contain your member ID, first name or surname.’

Tatt’s Online does not impose upper or lower case requirements for passwords.

Thank you for taking the time to provide feedback to Tattersall’s and trust that we have put your mind to rest on this issue.


Does it really matter? Let's look at the numbers.
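As an added illustration, not part of the original article: the sketch below counts the passwords permitted by the policy quoted above with and without case sensitivity, and models a login check that folds case before hashing. It assumes passwords use only ASCII letters and digits and that the site ignores case by lower-casing input; the article states neither.

```python
import hashlib
import hmac
import math

LETTERS_CI = 26  # letters available when case is ignored
LETTERS_CS = 52  # letters available when case is significant
DIGITS = 10      # assumption: no symbols are allowed, only letters and digits


def policy_keyspace(letters, digits=DIGITS, min_len=8, max_len=12):
    """Count passwords of min_len..max_len chars with >= 1 letter and >= 1 digit."""
    # Per length n: all strings, minus digit-only strings, minus letter-only strings.
    return sum((letters + digits) ** n - digits ** n - letters ** n
               for n in range(min_len, max_len + 1))


def case_variants(password):
    """How many spellings of one password a case-insensitive check accepts."""
    return 2 ** sum(ch.isalpha() for ch in password)


def stored_hash(password, salt, fold_case):
    """PBKDF2 digest; fold_case=True models a site that ignores case (assumed mechanism)."""
    if fold_case:
        password = password.lower()
    # Iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def verify(attempt, salt, expected, fold_case):
    """Constant-time comparison of the attempt's digest with the stored one."""
    return hmac.compare_digest(stored_hash(attempt, salt, fold_case), expected)


def report():
    """Summarise what ignoring case costs under the quoted 8-12 character policy."""
    ci, cs = policy_keyspace(LETTERS_CI), policy_keyspace(LETTERS_CS)
    return {"bits_case_insensitive": math.log2(ci),
            "bits_case_sensitive": math.log2(cs),
            "reduction_factor": cs // ci,
            "variants_of_iTWire77": case_variants("iTWire77")}


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```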



 