How major web companies (and banks) handle passwords quite wrong

There’s a very interesting “movement” in password handling going on for a long time, the basic idea is to encourage people NOT to use passwords that consists of letters, numbers and special characters and use VERY LONG text only.

This may sound weird, as this is exactly the opposite of what every internet-using person has been teached all over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But it’s wrong.

There is this excellent “comic” describing quite good why special chars in a password are not really good:

Have a look on the excellent talk on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is, that even the biggest player, even banks, paypal etc. still rely on the old-school password judging. I’ve found an excellent article that shows disturbing results of the companies password strenght meter, just have a look (click for larger picture):

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Remember, these are some of the biggest internet-players, companies whose user accounts are extremely valueable for hackers!

Awesome.

Note: This article will get updates.

How major web companies (and banks) handle passwords quite wrong

A quick history of Comic Sans, the most wrongly used font ever

A list of downloadable Vagrant boxes (CentOS 5.9 / 6.4, Ubuntu 12 / 13, Debian 6 / 7 / 7.1 / 7.2)

JavaScript Testing Tactics (21min video by Justin Searls)

How blind people use websites (video with Sina Bahram, blind accessibility researcher)

Sitepoint asks for your favourite PHP IDE – take part!

How to setup a local server (in a virtual machine) with Vagrant in PHPStorm

DigitalOcean VPS coupon codes for december 2013 and early 2014

A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples

Debug PDO with this one-line function. Yeah!

Install Laravel 4 on Ubuntu 12.04 LTS (a how-to tutorial)

A short & simple Composer tutorial

How JavaScript really works – An introduction into the JavaScript call stack by Philip Roberts (20min video)

EOL lists of Ubuntu, Debian and CentOS for your server plannings

PHPStorm 7 has been released!

JavaScript ECMAScript6 – A short video introduction (5min)

[video] Netflix JavaScript Talks about ECMAScript 7: The Evolution of JavaScript

Composer problems ? Try full reset !

How to get a single table out of a massive MySQL .sql database backup file (mysql dump splitter)

8 awesome pure CSS spinner / loader

Increase your HTML / CSS coding speed with EMMET

“Fuck you. Pay Me.” How to deal with clients, the professional way. An excellent talk with Mike Monteiro.

Create a fast, perfect and bootable 1:1 Windows backup (full clone of HDD) for SSD migration

MINI, an extremely simple barebone PHP application

How to prevent PHP sessions being shared between different apache vhosts / different applications

How to fix the ugly font rendering in Google Chrome