December 4, 2013
Chris
Security

How major web companies (and banks) handle passwords quite wrong


A very interesting “movement” in password handling has been going on for a long time. The basic idea is to encourage people NOT to use passwords that consist of letters, numbers and special characters, and to use VERY LONG text only instead.

This may sound weird, as it is exactly the opposite of what every internet-using person has been taught over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But it’s wrong.

There is this excellent “comic” that explains quite well why special chars in a password are not really good:

[Image: password_strength]

Have a look at the excellent discussion on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is that even the biggest players, even banks, PayPal etc., still rely on old-school password judging. I’ve found an excellent article that shows disturbing results from these companies’ password strength meters, just have a look:

[Image: password handling comparison]

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
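
The gap between old-school password judging and a realistic estimate, as an added example that is not code from the original article or from zxcvbn: a composition-rule meter next to a simplified pattern-based estimator. The word list is constructed, the function names are hypothetical, and the bit costs are assumptions taken from the estimate in the xkcd 936 comic.

```javascript
// Added example. WORDS is a tiny constructed stand-in for a real word list.
const WORDS = ["correct", "horse", "battery", "staple", "troubador"];
// Assumed bit costs, following the xkcd 936 estimate. listWord = 11 bits only
// holds if each word is picked at random from a 2048-word list.
const BITS = { listWord: 11, baseWord: 16, caps: 1, leet: 3, digit: 3, punct: 4, order: 1 };
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s" };

// "Old-school" meter: one point per character class plus one for length >= 8.
function compositionScore(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9\s]/];
  return classes.filter((re) => re.test(pw)).length + (pw.length >= 8 ? 1 : 0);
}

// Estimate entropy from how the password was most likely built,
// not from which character classes it happens to contain.
function estimateBits(pw) {
  const parts = pw.toLowerCase().split(" ");
  // Pattern 1: several words picked from the list.
  if (parts.length > 1 && parts.every((w) => WORDS.includes(w))) {
    return parts.length * BITS.listWord;
  }
  // Pattern 2: one dictionary word dressed up with caps, leet and a suffix.
  const [, base, suffix] = /^(.*?)([^A-Za-z]*)$/.exec(pw);
  const lower = base.toLowerCase();
  const plain = lower.replace(/[01345@$]/g, (c) => LEET[c]);
  if (WORDS.includes(plain)) {
    const hasDigit = /[0-9]/.test(suffix);
    const hasPunct = /[^0-9]/.test(suffix);
    return BITS.baseWord
      + (base !== lower ? BITS.caps : 0)
      + (plain !== lower ? BITS.leet : 0)
      + (hasDigit ? BITS.digit : 0)
      + (hasPunct ? BITS.punct : 0)
      + (hasDigit && hasPunct ? BITS.order : 0);
  }
  // No pattern matched: upper bound, valid only for uniformly random printable ASCII.
  return pw.length * Math.log2(95);
}

for (const pw of ["Tr0ub4dor&3", "correct horse battery staple"]) {
  console.log(pw, "| rule score:", compositionScore(pw), "/ 5 | estimate:", estimateBits(pw), "bits");
}
```

The rule-based meter gives the short "complex" password full marks and the passphrase a low score, while the pattern-based estimate ranks them the other way round.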

Remember, these are some of the biggest internet players, companies whose user accounts are extremely valuable for hackers!

Awesome.

Note: This article will get updates.
