How major web companies (and banks) handle passwords quite wrong

There’s a very interesting “movement” in password handling going on for a long time, the basic idea is to encourage people NOT to use passwords that consists of letters, numbers and special characters and use VERY LONG text only.

This may sound weird, as this is exactly the opposite of what every internet-using person has been teached all over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But it’s wrong.

There is this excellent “comic” describing quite good why special chars in a password are not really good:

Have a look on the excellent talk on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is, that even the biggest player, even banks, paypal etc. still rely on the old-school password judging. I’ve found an excellent article that shows disturbing results of the companies password strenght meter, just have a look (click for larger picture):

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Remember, these are some of the biggest internet-players, companies whose user accounts are extremely valueable for hackers!

Awesome.

Note: This article will get updates.

This article was written quite a while ago (9 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How major web companies (and banks) handle passwords quite wrong

Random articles

Leave A Comment Cancel reply

Sitepoint asks for your favourite PHP IDE – take part!

“Belt” adds very clever everyday functions to PHP, comes with JavaScript naming styles and eventually solves the needle/haystack problem

Need motivation ? Check out these 2 awesome “FORBES 30 under 30” lists (web, UI, games)

JavaScript Testing Tactics (21min video by Justin Searls)

Microsoft announces “holographic” 3D interfaces (promo video)

MINI, an extremely simple barebone PHP application

A preinstalled Vagrant box with PHP HipHop / HHVM and Ubuntu 12.04 (Precise Pangolin)

This is an experimental advertisement

[Link] How To Install October CMS on a VPS running Ubuntu 14.04

SensioLabs, creator of Symfony and Silex PHP frameworks, gets $7 million capital

How to fix the ugly font rendering in Google Chrome

Stressed and unrelaxed while coding ? Try some ultra-deeply-relaxing ASMR audio clips. It will change your life. Seriously.

How to debug code on a remote server (or in vagrant box) with PHPStorm

The SSL Heartbleed bug explained in 30 seconds

How to install / setup PHP 5.5.x on Ubuntu 12.04 LTS

“Belt” adds very clever everyday functions to PHP, comes with JavaScript naming styles and eventually solves the needle/haystack problem

How to show memory usage (Ubuntu)

How to install/setup latest version of PHPMyAdmin on Ubuntu 12.04 LTS (Precise Pangolin)

JavaScript ECMAScript6 – A short video introduction (5min)

October CMS, built on top of Laravel, is beautiful, clever and on the way to be the new #1 CMS

New features in SASS 3.3 (a talk by SASS-creator Chris Eppstein)

Create a fast, perfect and bootable 1:1 Windows backup (full clone of HDD) for SSD migration

[Link] Excellent PHP best practices, 2014 style

Slides & talks from PHP UK Conference 2014