Poor password security on a 2017 healthcare website?

Discussion in 'privacy general' started by brians08, Jul 31, 2017.

  1. brians08

    brians08 Registered Member

    Apr 27, 2008
    I just created an account on myuhc.com today and found that the password restrictions are dangerously weak. They require a special character but in reality you are limited to only four of a possible 32 i.e. @ _ - #
    If that isn't enough, I discovered that the web form forces all lower case characters to upper case when you click the submit button. If a hacker gets the myuhc pw hash list, it should be very easy to run through hashcat with the pw rules: only upper case alpha, 0-9, @ _ - #
    I logged a complaint on the website but doubt they will care.
  2. Sordid

    Sordid Registered Member

    Oct 25, 2011
    Unless they limit length or you use a short password, that char set is far large enough to resist brute-force; then there are hash "salts" versus table attacks.
    Meanwhile, service calls/tickets over being locked out due to capslocks/ambiguous symbol chars go away.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.