> or because they expect users to be able to enter the password in via a telephone keypad, which vastly reduces the number of possible combinations since every number substitutes for 3-4 letters (also bad).
Not so much as you may assume. I'd bet (not with much money, admittedly) that you can't get into the web interface with a telephone-digit variant of your password.
I'm not sure where in their architecture phone-keypad-compatibility lies, but it's quite possibly not even in any user-facing system.
In that case, the security of your password is not much reduced -- only if someone has access to that telephone-access system, and can do something bad with it.
Not so much as you may assume. I'd bet (not with much money, admittedly) that you can't get into the web interface with a telephone-digit variant of your password.
I'm not sure where in their architecture phone-keypad-compatibility lies, but it's quite possibly not even in any user-facing system.
In that case, the security of your password is not much reduced -- only if someone has access to that telephone-access system, and can do something bad with it.