How major web companies (and banks) handle passwords quite wrong

There’s a very interesting “movement” in password handling going on for a long time, the basic idea is to encourage people NOT to use passwords that consists of letters, numbers and special characters and use VERY LONG text only.

This may sound weird, as this is exactly the opposite of what every internet-using person has been teached all over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But it’s wrong.

There is this excellent “comic” describing quite good why special chars in a password are not really good:

Have a look on the excellent talk on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is, that even the biggest player, even banks, paypal etc. still rely on the old-school password judging. I’ve found an excellent article that shows disturbing results of the companies password strenght meter, just have a look (click for larger picture):

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Remember, these are some of the biggest internet-players, companies whose user accounts are extremely valueable for hackers!

Awesome.

Note: This article will get updates.

How major web companies (and banks) handle passwords quite wrong

Experimenting with HHVM at Etsy (Link)

Windows XP is officially dead from today. Do you know people still using it ? Punch them.

How to copy Vagrant boxes (or duplicate them)

Hochlastseiten mit PHP, MySQL und Apache am Beispiel stern.de (deutscher Artikel)

Adobe offers Photoshop for $9.99 per month (limited deal)

Push database changes to all clients in real-time (!) with AngularJS and Firebase

[Link] Excellent PHP best practices, 2014 style

First view: Ubuntu 14.04 LTS brings PHP 5.5 and Apache 2.4

Crossbrowser-safe HTML5 video (IE6+) with a few lines of code and just one .mp4 video file

GitHub finally introduces repo traffic stats

JavaScript ECMAScript6 – A short video introduction (5min)

Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS

Quick fix for 404 error in WordPress category / tag page

Perfect HTML email templates for perfect HTML emails (outlook!) with INK

PHP 6.0 will be PHP 7

A collection of beautiful ajax loaders / spinners in pure .svg / CSS

Microsoft announces “holographic” 3D interfaces (promo video)

[Link] How to set up HipHop, Nginx and Laravel in Ubuntu 12.04 LTS (in a Vagrant box)

The SSL Heartbleed bug explained in 30 seconds

How to prevent PHP sessions being shared between different apache vhosts / different applications

SensioLabs, creator of Symfony and Silex PHP frameworks, gets $7 million capital

What’s new in PHPStorm 9

How to install GitHub’s, NetBeans’s and Sublime2’s syntax highlighting code colours theme in PHPStorm 6/7

Windows XP is officially dead from today. Do you know people still using it ? Punch them.

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu