As an IT professional and security enthusiast, I've complained to KLM before that I wasn't happy with the four-digit PIN. But with this change, I don't think it actually got any better. The password requirements are ludicrous:
- 8 to 12 characters
- At least 1 numeric character (0-9)
- At least 1 uppercase character (A-Z) and 1 lowercase character (a-z)
- In addition, the following characters are allowed: @ $ & + - / # _ ? !
First of all, why a maximum-length password? I understand a minimum, but why the max? Secondly, if I want a password sentence, something like ialwaysflywithklmbecausetheyreblue is easily memorable and is harder to crack than a password under the current requirements. I use a password vault with a password generator and I usually have passwords of over 50 digits with all types of symbols available, and if companies restrict me in how complicated I want my passwords, I don't think they take their security seriously. Unless the KLM IT department still lives in 1999.
And to people who ask for two-factor authentication: if you need that, your passwords are probably bad. Use a long password and a different password for every account you create. And if possible, even a different email address per account.