NSA’s own website won’t accept passwords longer than 12 characters

Want a job at the NSA?

Be aware that they don’t like it if your password is longer than 12 characters:

NSA password limit

Okay, so this is just the careers portal part of the NSA’s website. It doesn’t mean that everything at the NSA is protected by a password of 12 or less characters. But it’s not exactly the finest example to set for others, is it?

I checked it out for myself, and had to raise an eyebrow at the following pop-up message that the NSA’s website displayed:

NSA secured

It’s good to see that the NSA are using HTTPS/SSL to protect our private information in transit. Oh, wait… hang on a minute…

As Martijn Grooten points out, this “may be a rare case in which there’s really no one but you and the site who sees your traffic.”

A cynic might suggest, of course, that all the NSA are doing is encouraging people to use shorter, weaker passwords for perfectly understandable reasons.

Hat-tip: @tdhopper

Tags: , , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

3 Responses

  1. Iain Wallace

    September 6, 2013 at 11:55 am #

    Surely the example they *want* to be setting to others is “Please make your passwords as hackable as possible”? So this is ideal.

  2. Paul

    September 6, 2013 at 8:58 pm #

    Ahhh… memories…

    http://www.theregister.co.uk/2013/03/27/gchq_plain_text_password_reminder/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.