A few minutes ago, I went to log into my bank account to check things out and noticed an odd message upon attempting to log in:
The password entered contains invalid characters. You may enter numbers 0 – 9 and/or letters A – Z. At least one letter and one number must be entered. You may also use special characters (such as @, %, &, #). Please re-enter your password. Your password should be different than your username.
I got this error message because my password contains special characters, the kind of stuff holding shift and hitting a number will do. I could not log in with my password because it was no longer considered valid under rules that were changed in the past 24 hours (since I log in every day to make sure no funny business is happening). They changed their security rules to be more restrictive with no concern for existing passwords. No email was sent to me, no alert or anything else.
This is a rookie mistake, Wells Fargo. I expect better from a large bank like yourself. Maybe I should start being worried about the competency of your IT department, because complex stuff like storing sensitive data and properly encrypting communication may be beyond their head.