AT&T Bans Obscene Passwords
Published on: 31st Mar 2013
US-based AT&T has been noticed to have a rather unusual clause in its website password rules.
While most websites impose some requirements on password length or a minimum combination of letters and numbers, as AT&T's also does, it also bans "obscene language" in a user's password.
Originally noticed by Twitter's Network & Infrastructure Security Engineer, Randy Janinda, the seemingly amusing if harmless requirement actually raised a more serious issue.
Passwords should be encrypted in a manner that makes them difficult to decrypt. When a user tries to log into an account, the password they type in is also encrypted, and that encrypted string is then compared with the identically encrypted version in the database.
At no time should anyone ever be able to reverse engineer the password selected by the customer - at least not easily.
Which then raises the question as to why AT&T has a requirement that the password is polite - when no one would ever see it.
Then again, with passwords being ever easier to hack, maybe the company simply wants to avoid shocking potential hackers with a database full of expletives?
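The store-and-compare scheme described above, as an added example that is not part of the original article and not AT&T's code: content rules are checked on the typed password at submission, and only a salted one-way digest is kept. The use of PBKDF2, the iteration count, the minimum length, and the placeholder word list are all assumptions.

```python
import hashlib
import hmac
import os

# Assumed values for illustration; none come from AT&T or the article.
BANNED_WORDS = {"badword", "expletive"}  # constructed placeholder list
MIN_LENGTH = 8
PBKDF2_ITERATIONS = 600_000


def check_policy(password: str) -> list:
    """Return policy violations. Runs on the plaintext at submission time."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_alpha and has_digit):
        problems.append("needs letters and numbers")
    lowered = password.lower()
    if any(word in lowered for word in BANNED_WORDS):
        problems.append("banned word")
    return problems


def derive(password: str, salt: bytes) -> bytes:
    """One-way transform: the digest cannot be turned back into the password."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def set_password(password: str) -> dict:
    """Validate, then keep only salt and digest; the plaintext is discarded."""
    problems = check_policy(password)
    if problems:
        raise ValueError(", ".join(problems))
    salt = os.urandom(16)  # per-user salt, stored beside the digest
    return {"salt": salt, "digest": derive(password, salt)}


def verify(candidate: str, record: dict) -> bool:
    """Re-derive from the typed password and compare in constant time."""
    attempt = derive(candidate, record["salt"])
    return hmac.compare_digest(attempt, record["digest"])
```

The stored record holds nothing a word filter could inspect afterwards, so in this design the filter can only run at the moment the password is typed in.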