chase.com security advisories - 05/25/14 05:21 AM
Two security advisories regarding chase.com:
1. Chase has finally gotten its act together and (silently) updated its user password policy to bring it more into line with the real world:
Your new Password:
2. I was appalled to learn that the options to receive security alerts when
Further, the first time I navigated to that location I found that all three prefs were turned off...that I had been at risk for quite some time.
Now, it's possible that I reeeally spaced out and turned those prefs off on my own, but it's also possible that Chase has them turned off by default; I therefore suggest that all chase.com users check theirs. (I'll appreciate feedback about their default state.)
I can't imagine why Chase thinks *anybody* would want to run without those prefs and has left them as user options?
1. Chase has finally gotten its act together and (silently) updated its user password policy to bring it more into line with the real world:
Your new Password:
- Must be 7-32 characters long
- Must include at least one letter and one number
- May include some special characters or punctuation
- Must not match your User ID or your previous five Passwords
2. I was appalled to learn that the options to receive security alerts when
- "My password has changed"
- "My user ID has changed"
- "My device has been approved"
Further, the first time I navigated to that location I found that all three prefs were turned off...that I had been at risk for quite some time.
Now, it's possible that I reeeally spaced out and turned those prefs off on my own, but it's also possible that Chase has them turned off by default; I therefore suggest that all chase.com users check theirs. (I'll appreciate feedback about their default state.)
I can't imagine why Chase thinks *anybody* would want to run without those prefs and has left them as user options?