December 4, 2013
Chris
Security
How major web companies (and banks) handle passwords quite wrong

There is a long-running “movement” in password handling whose basic idea is to stop encouraging people to use passwords built from letters, numbers and special characters and to encourage very long text instead.

This may sound weird, because it is the exact opposite of what every internet user has been taught over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But that advice is wrong. What decides how long an attacker needs is the number of guesses a password forces, and a long passphrase of randomly chosen words forces far more guesses than a short word mangled with digits and symbols.

There is this excellent “comic” describing quite well why special characters in a password are not really good: they multiply the attacker’s work by a small factor, while every additional random word multiplies it by the size of the word list. The words only count as random if they are actually picked at random, not chosen by the user.

[image: password_strength (xkcd 936, “Password Strength”)]

Have a look at the excellent discussion on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is that even the biggest players, even banks, PayPal etc., still rely on the old-school way of judging passwords. I found an excellent article that shows the disturbing results of these companies’ password strength meters, just have a look (click for larger picture):

[image: password handling comparison]

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
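To make the point of the comic and of the zxcvbn article concrete, here is an added example (not code from the original post, from xkcd or from zxcvbn): a naive “character class” meter, as many of the sites in the comparison use, next to a simplified pattern-aware estimator in the spirit of zxcvbn that counts how many guesses an attacker who knows the pattern still needs. The word list, the word-list size of 2048 (the figure the comic assumes), the l33t table, the two guess rates and the test passwords are all constructed assumptions for the demo.

```javascript
// Added example (not from the original post or from zxcvbn): a naive
// character-class meter next to a simplified pattern-aware guess estimator.
// All constants and the word list below are constructed assumptions.

// Toy stand-in for the attacker's word list; WORDLIST_SIZE is the size of the
// list the attacker actually has (xkcd 936 assumes roughly 2048 common words).
const WORDS = new Set(["correct", "horse", "battery", "staple", "troubador",
  "password", "dragon", "monkey", "letmein", "qwerty", "sunshine", "welcome"]);
const WORDLIST_SIZE = 2048;

// Common "l33t" substitutions an attacker tries as variants of a word.
const L33T = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };
const SUBSTITUTABLE = "oieast"; // letters that have a l33t form
const SYMBOLS = 33;             // printable ASCII symbols

// What many meters do: reward each character class present and some length.
function naiveScore(pw) {
  let score = 0;
  for (const re of [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]) if (re.test(pw)) score++;
  if (pw.length >= 8) score++;
  if (pw.length >= 12) score++;
  return score <= 3 ? "weak" : score === 4 ? "medium" : "strong";
}

// Undo l33t substitutions and case so the core can be looked up as a word.
function unleet(s) {
  return [...s].map((c) => L33T[c] ?? c).join("").toLowerCase();
}

// Minimal number of dictionary words that exactly cover s, or null if none does.
function segment(s) {
  const best = new Array(s.length + 1).fill(Infinity);
  best[0] = 0;
  for (let i = 0; i < s.length; i++) {
    if (best[i] === Infinity) continue;
    for (let j = i + 1; j <= s.length; j++) {
      if (WORDS.has(s.slice(i, j))) best[j] = Math.min(best[j], best[i] + 1);
    }
  }
  return best[s.length] === Infinity ? null : best[s.length];
}

// Guesses needed by an attacker who knows the pattern (word(s), capitalisation,
// l33t mangling, digit/symbol suffix) but not the specific choices.
// Falls back to brute force over the used character set when no pattern matches.
function estimateGuesses(pw) {
  const m = pw.match(/^(.*[A-Za-z])([^A-Za-z]*)$/); // core ending in a letter + suffix
  if (m) {
    const [, core, suffix] = m;
    const plain = unleet(core);
    const words = segment(plain);
    if (words !== null) {
      let guesses = WORDLIST_SIZE ** words;              // one list lookup per word
      if (/[A-Z]/.test(core)) guesses *= 2;              // capitalised variant
      if ([...core].some((c) => c in L33T)) {            // each substitutable letter may be swapped
        guesses *= 2 ** [...plain].filter((c) => SUBSTITUTABLE.includes(c)).length;
      }
      for (const c of suffix) guesses *= /[0-9]/.test(c) ? 10 : SYMBOLS;
      return guesses;
    }
  }
  let charset = 0;
  for (const [re, n] of [[/[a-z]/, 26], [/[A-Z]/, 26], [/[0-9]/, 10], [/[^A-Za-z0-9]/, SYMBOLS]]) {
    if (re.test(pw)) charset += n;
  }
  return charset ** pw.length;
}

function estimateBits(pw) {
  return Math.log2(estimateGuesses(pw));
}

// Worst-case crack time in seconds at a given guess rate.
function crackSeconds(pw, guessesPerSecond) {
  return estimateGuesses(pw) / guessesPerSecond;
}

// Assumed rates: 1e3/s online (the comic's figure), 1e10/s offline against a fast unsalted hash.
for (const pw of ["Tr0ub4dor&3", "P@ssw0rd1!", "correcthorsebatterystaple", "password"]) {
  console.log(pw.padEnd(26), "naive:", naiveScore(pw).padEnd(7),
    "bits:", estimateBits(pw).toFixed(1),
    "online:", (crackSeconds(pw, 1e3) / 86400).toFixed(1), "days",
    "offline:", crackSeconds(pw, 1e10).toFixed(1), "s");
}
```

Run with `node`. The naive meter rates “Tr0ub4dor&3” and “P@ssw0rd1!” as strong and the 25-character passphrase as weak, while the guess count says the opposite: a mangled dictionary word ends up around 2^24 guesses under these assumptions, the four random words at 2^44. The offline column is the reason the stored hash matters as much as the password: at 10^10 guesses per second against a fast hash, everything but the passphrase falls in well under a second.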

Remember, these are some of the biggest internet players, companies whose user accounts are extremely valuable to hackers!

Awesome.

Note: This article will get updates.

This article was written quite a while ago (9 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Tags: hashing, passwords, security