NetBank (Commonwealth Bank of Australia) Website

When resetting your NetBank password, the website only informs you that you can create an alphanumeric password, despite the fact that you can use special characters. And also, it's password strength calculation is shit. An 155 bits of entropy password is "weak." Additionally, passwords are case-insensitive. This isn't the worst I've seen, but on a bank, it's just bad.

  • Password length capped to 16 characters (min. 8)
  • Disallows use of <>^{}~= (interestingly, not quotes. so I wonder why these aren't allowed?)
  • Must include at least one number
NetBank (Commonwealth Bank of Australia) dumb password rule screenshot
NetBank (Commonwealth Bank of Australia) dumb password rule screenshot