American Express is full of FAIL
By bounds on Oct 03, 2008
Yesterday I made quite a few purchases that I needed. While trying to get a few items at Wal-mart, my card was temporarily disabled. This is a good thing. This means American Express watched my account and noticed all the charges. The idea is that I contact them to ensure that these charges are legit. When contacting them, the automated system asked that I enter the first 4 letters of my password. I was kind of at a loss for this, so I did what I normally do. I pressed 0 repeatedly. When I spoke to the customer service rep, he asked the exact same question. This tells me that my password is NOT encrypted or hashed when stored in their system. Well, they could have another field with the first 4 letters hashed/encrypted but I doubt it. The fact that AmEx passwords are already very weak (No symbols, small password size) just enfuriates me more.