While few things in life are ever complete, this does fall into the category of complete BS.  Taken to its logical extreme, this argument would have you believe that a single-character password is most secure.  I suggest the letter d, is most secure; it stands for dillweed.

Further, even if this were true (which it most certainly is NOT), AmEx would purportedly attempt to protect against software that was somehow installed on my computer at the expense of protection from good ‘ol fashioned brute-force, which they’ve made FAR easier by restricting the max length AND characters used.  BTW, if I ended up with someone’s keystroke logging software on my keyboard, I’m pretty much screwed if my password is 1 character or 101 characters, doesn’t matter.

Regardless, I refuse to believe that the technologists at AmEx are so mind-numbingly incompetent as to render this explanation accurate.  This is clearly a case of email support incompetence.  The 8 character-max password is also the result of incompetence, but is unrelated to the BS spewed by that particular support rep.

I’m passionate about this particular issue because I too am a customer of AmEx.  I’ll followup here later with my own experience asking this same question.

marco:

(via iamdanw)

The reasons given don’t sound quite right. If there’s really anything to this, I’d love if an expert in the matter could enlighten me with the details.

Translation: This sounds like bullshit, but if I’m wrong, I don’t want to appear too ignorant.