Chase Bank online security is scary-bad

An illustration of Chase Bank security

Users are slowly learning that using the same password on multiple sites opens them up to a lot of hackery if one of those sites is compromised. So how can a typical user (I think of my mom) easily create a new password for every site they visit?

Password managers! They’re great! Password managers keep all your logins and passwords in one place. They can generate new passwords for you and let you retrieve them easily and securely. I use KeepassX for my login and password storage management. I like it because it’s super easy to use and it’s a great way to organize my keys. I can’t imagine going back to memorization.

My favorite feature of KeepassX is the password generator. It generates passwords for me that are super-dooper strong, like, for example:

2wAn>Jy*2_-e;3(o}lBx`! g]

That’s a bit more secure than using dictionary words with a random l33t thrown in for good measure.

So, onto my point.

My roommates send me money through Chase Bank. It’s convenient and fast (in terms of getting the money) but it is not terribly secure. Chase Bank forces users (like me) to use a short, easy-to-guess password. I can’t use

ya~ >I@,3}(Z_-8VF$2k-Mr1>

because they don’t allow white spaces. I can’t use

wEjw_Gp”-BtEQ#)!a!e_SzV4Q

because they don’t allow special characters, minus or underline. I can’t use

MCviMc5M5605M57LwJxp4gO6B

because it’s too many characters. I have to shorten it down to eight characters. I’m feeling more naked and insecure with every attempt.

I called Chase to complain about this. They told me since I am not an account holder that they can’t even pass my complaint along to the web team. (basically, “go pound sand, Tim Wayne”).  Well, eff you, Chase Bank. Your website is insecure and your customers are needlessly exposed to hackery.