I love my secure passwords. Lovely passwords like “fr!bBl3~98_m0nT4=” (no, this is not a password I use, just an example of the type). This kind of mangling makes a password more difficult to guess for password breaking programmes. No it doesn’t make them “unbreakable”, but nothing in this digital world of ours is truly “unbreakable”, but many things are “very very difficult to break”, and that’s kinda what I aim for.
When I signed up for Internet banking with my bank, I thought “nice secure password”, and typed a really horribly convoluted password, the response was “invalid password”. I picked up the phone (something I don’t do often), and called their help line, only to get told “you can only use letters and numbers in your password sir”. The frightening thing is: there are many web sites I’ve signed up to recently that have this “no symbols or spaces” password policy. What on earth is wrong with you people!?!?! You tell me to select a secure password, but then tell me the one I gave is to secure??? I see absolutely no technical (or non-technical for that matter) reason why you cannot store my horrible password.
Surely you don’t store my password as plain text in your database do you. This is a massive potential security problem. If someone breaks into their database, they own your accounts. One of the first things I do is click the “forgot my password” link on the site. If they send me the password I typed in, I change my password and get rid of my account, simple reason: they’re storing my password somewhere. If they reset my password, or send me a random one, it’s a good indication that they are storing hashed passwords, and so my data is a bit more secure.
Be careful what sites you sign up with, how secure their data is directly affects you.