Oystercard for those who don't know is the modern ticketing system used in London. It's a "swipe" card you can use on buses and the underground.
Anyway, I registered on their website today and it starts like any other registration form with the desired username and password. When I submitted the first form it gave me an error message shown in this picture
"Your password needs to be at least six characters long and contain a mixture of uppercase and lowercase letters and at least one digit. For example, Abc123."
Have you ever seen that before? Stupid! The password I first intended to use is only a mixture of lowercase letters and several numbers, which works perfectly fine on UNIX. The effect was that I had to come up with a new one which I'll probably forget sooner or later. To avoid forgetting it I have written it down on a small piece of paper here on my desk. How's that for security?
Comments
Works "perfectly fine on UNIX" when unix is set for loose password strength...
I suggest a passphrase approach. For instance 'Tattrms!' which is the initial letters of "These are times that try men's souls!", or if numbers are absolutely required, "1poBp!" ("1 pint of Bitter please!")
Easy to remember and more secure than any word based password.
If special chars are not allowed, you are on your own... :)