Password Requirements Shaming

Honda Financial Services

Honda Financial Services limits passwords to 20 characters, letters and numbers only.

What’s more, their website is actively hostile to password managers: It prevents you from saving login information and filling out most form fields. You have to copy/paste your username and password to log in, and you must manually type in your bank account information because it disables form filling and even pasting.

As if that weren’t bad enough, they forcibly redirect HTTPS requests to insecure HTTP on all pages except login and account management, which makes it blissfully easy for an attacker to MITM your connection and steal your bank account information or your 20-character, alphanumeric-only password.