How major web companies (and banks) handle passwords quite wrong

There’s a very interesting “movement” in password handling going on for a long time, the basic idea is to encourage people NOT to use passwords that consists of letters, numbers and special characters and use VERY LONG text only.

This may sound weird, as this is exactly the opposite of what every internet-using person has been teached all over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But it’s wrong.

There is this excellent “comic” describing quite good why special chars in a password are not really good:

Have a look on the excellent talk on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is, that even the biggest player, even banks, paypal etc. still rely on the old-school password judging. I’ve found an excellent article that shows disturbing results of the companies password strenght meter, just have a look (click for larger picture):

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Remember, these are some of the biggest internet-players, companies whose user accounts are extremely valueable for hackers!

Awesome.

Note: This article will get updates.

How major web companies (and banks) handle passwords quite wrong

The difference between “composer install” and “composer update” – nailed on the head

Experimenting with HHVM at Etsy (Link)

How to use the PHP 5.5 password hashing functions

Killer-feature in PHPStorm: Search everywhere

Adobe releases Firebug-like developer tools to edit and extract PSDs

Disappointed by Watch Dogs’s graphics ? See how it looks with unlocked, hidden settings. Awesome!

Frontend Ops Conf 2014 – Rebooting Flickr On A Node.js Stack, One Page At A Time (from PHP) by Bertrand Fan

What’s new in PHPStorm 10 (Official promo video)

Sitepoint asks for your favourite PHP IDE – take part!

[Link] Excellent PHP best practices, 2014 style

A super-simple introduction into PHP namespaces (7min video)

October CMS, built on top of Laravel, is beautiful, clever and on the way to be the new #1 CMS

Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)

GitHub introduces revert button / rollback for merged pull requests

Generate Vagrant boxes with Laravel, HipHop, Nginx, WordPress, MySQL, MariaDB, MongoDB, RabbitMQ etc. with one click

Which PHP-framework to learn in 2014 ? PHALCON, by far the fastest ever!

Is there a JSFiddle for PHP ? Yes !

JavaScript ECMAScript6 – A short video introduction (5min)

Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)

[Link] Improving Smashing Magazine’s Performance: A Case Study

PHP 5.6 announced, statically typed (!) “new” PHP announced by Facebook devs

Composer problems ? Try full reset !

First view: Ubuntu 14.04 LTS brings PHP 5.5 and Apache 2.4