I received my Bamboo Fun small pen & touch today. I like it, but enough with the marketing talk.
As I always try to do, i wanted to register my new device, download the newest drivers etc. Visiting bamboo.wacom.com, i followed directions and was asked to create an account for myself. Struggling hard with the absence of https and other issues, i decided to register the product anyway. Probably not the very worst information to loose control of anyway.
I entered a rather simple password as i usually do for starters (then changing them after registration), i got this on screen:
WOW! They require a 10 character length minimum password!
Rather perplexed with an instant feeling of .. happiness.., i registered with a much more complex password, which of course was 10+ characters in length. Additionally, the error message states their password policy i guess. I's even shorter than the one I'm planning to release on my blog as a "best practice" recommendation in the near future. :-)
KUDOS to Wacom for actually requesting 10 character length as the minimum. Doing that you're leaving most others in the dust.
Complaints? Sure. No SSL (HTTPS), and i didn't even try out to see if there were any complexity requirements hiding in there, or any other controls that would be optional or even mandatory to keep in line with what i would consider best practice.
I'm amazed, I've got to sleep now. FINALLY a provider of products and services does something good for the evolution of password security (without jumping to 2-factor or biometrics). WOW, and good night. :-)