Australian Banks Password policies

Note: This is turning into a bigger post than I anticipated, including giving some background on passwords, etc. Stay tuned for the updated version

tl;dr: Longer passwords from the same character set are better than shorter passwords from the same character set. A larger character set is also better than a smaller character set. The larger these are the more potential combinations of characters can make up a password. Computers can process password attempts much quicker than humans.

I like security, especially passwords. They are one part of how I keep unauthorised people from accessing my data, so they're kind of a big deal.

If you thought that you'd be able to have a secure password to protect all of your finances, that situation is actually a bit bleak (at least if you're using one of the "big four" banks here in Australia).

It's important to note that having a stronger password policy is not necessarily indicative of how good the rest of the security systems in place are, nor does a "weaker" policy mean overall it's worse. Now that I've gotten that disclaimer out of the way...

I wanted to compare the different password policies and restrictions of the banks to see how they stack up. For this, I looked at ANZ, Commbank, NAB, and Westpac. Data compared includes password length, what characters they allow you to have in your password, and the number of possible combinations based on the rules that they set.

The Data

View the data as a PDF

Noticed some data that needs updating?

I'll update this as more accurate or relevant information is brought to my attention.

Have an update? Best way to let me know is to send me a tweet @nickf__.


Thanks go to @Priest for starting me on this ranty tangent (rangent?).

Thanks also to @Shaun_R for letting me know that Commbank allow at least some symbols, and that the passwords are not case sensitive.

Posted Tuesday April 11th, 2017