Flying J / Good Sams Fuel Card Security

Password security is only as good as your password. Having more than 6 characters does not always make it harder to guess. So long as you use at least one capital letter and substitute an extended character for a letter you'll be more secure than someone with a 10 character password that uses their dogs name incremented by a number. In IT, industry standard is minimum of 6 characters, even in banking and healthcare. Eight isn't unheard of, but is somewhat less common. It is odd that they limit it to 6 though.

For example p@ssW0rd (the o being a zero instead of the letter o) is far stronger than password1

Its far more likely your password would be captured by a key logger or screen scraping software installed as part of malware. In that case it doesn't matter how strong or how many characters your password is.

Are we talking about a Flying J credit card here or the RV discount card?

sch911 wrote:
Are we talking about a Flying J credit card here or the RV discount card?

X2 Title say GS Card but you talked to FJ about the password?

Recent advances in password security have changed a lot of previous held assumptions. A few things to consider about passwords
1) any website that can tell you what your password is if you forgot it (instead of prompting you to reset it is using either a) no encryption b) reversible encryption, either way that means your data is stored using an insecure easily hackable method. The site should NEVER be able to tell you what your password is, this is an indication that they know your password.
2) a website forcing you to use a short password ie max 6 characters, or no special characters may be relying on old technology which may no longer be secure
3)password cracking tools are much more intelligent and most use a combination of 3 methods to crack a password a) dictionary attack which is checking known common passwords ie 12345 or password b) hybrid attack checks a dictionary than tries common number/letter substitution ie password1 or switching i for 1 o for 0 3 for e etc c) brute force attack, basically trying every possible combination. The first 2 methods take very little time to hack a password ie hours to days.
As the previous poster mentioned, complexity by using special characters, numbers and capital letters is important as long as it is not obvious complexity ie "pa33w0rd" is not significantly more secure than "password" using modern tools. Entrophy is key to a good password, do not think password, think passphrase ie MyBlueD0gHas3Tails is extremely secure. This comic makes the point:
http://xkcd.com/936/

Any site that forces you to use a short password should be assumed to be insecure, and I would contact customer service and complain... the squeaky wheel gets the oil (even in IT). Complex helps but bigger is better.

rwbradley wrote:
Recent advances in password security have changed a lot of previous held assumptions. A few things to consider about passwords
1) any website that can tell you what your password is if you forgot it (instead of prompting you to reset it is using either a) no encryption b) reversible encryption, either way that means your data is stored using an insecure easily hackable method. The site should NEVER be able to tell you what your password is, this is an indication that they know your password.
2) a website forcing you to use a short password ie max 6 characters, or no special characters may be relying on old technology which may no longer be secure
3)password cracking tools are much more intelligent and most use a combination of 3 methods to crack a password a) dictionary attack which is checking known common passwords ie 12345 or password b) hybrid attack checks a dictionary than tries common number/letter substitution ie password1 or switching i for 1 o for 0 3 for e etc c) brute force attack, basically trying every possible combination. The first 2 methods take very little time to hack a password ie hours to days.
As the previous poster mentioned, complexity by using special characters, numbers and capital letters is important as long as it is not obvious complexity ie "pa33w0rd" is not significantly more secure than "password" using modern tools. Entrophy is key to a good password, do not think password, think passphrase ie MyBlueD0gHas3Tails is extremely secure. This comic makes the point:
http://xkcd.com/936/

Any site that forces you to use a short password should be assumed to be insecure, and I would contact customer service and complain... the squeaky wheel gets the oil (even in IT). Complex helps but bigger is better.

Just to clarify to previous posters, I'm referring to the "Pilot Good Sam Club RV Plus card".
In regard to the above, I did contact CS and was told that a third party company maintains the web site and accounts. According to the person I spoke with "Sir you have nothing to worry about, we have never had an problem". I understand and use long complex passwords.
I'm inquiring as to anyone here a. uses this service and b. finds a problem with Flying J's card account website.
Thanks,

I'll throw this out there just for comparison purposes. Being retired military, I need to log into a government computer system for my retired pay. My password there needs to be between 15 and 30 characters long, have the usual mix of upper case, lower case, numbers and special characters. It automatically expires after 60 days.

Is this a payment card or the loyality card.. If payment card then six characters is a bit.. Short.. If it is a loyality card,, Nothing much to steal there so do not worry about it. I usually use a short password on accounts that do not have any financial or which have "Smoked" personal info, and most all my non-financial accounts have Smoked personal info, This one included. (Something, I will not say what, in my profile is false).

The PIN on your ATM card is only 4 numbers. The PIN for the RV Plus Charge Card is 4 numbers. I like the convenience of the card and so I use it. As for the website login, use care in picking your password and go camping. Between doctored card readers and other scams you don't want to make it simple, but if "they" want to hack you, they will find a way. Get Lifelock and be happy.

You can always get a Visa with cash back and hope they have better encryption. Just don't ask for extra digits to give you a warm fuzzy.

Don't mean to be flippant but the cards are stacked against you and life is short. My head hurts trying to remember all the used names and passwords. I liked life when an address and phone number got you by. Knowing your Social Security number probably meant you were military and knowing your driver's license number meant you were a trucker. Just go have some fun.

duplicate :(

My credit union accepts 6 numbers, letters, or other characters. I was told by a IT guy that using #,$, etc are a little more secure.
Don