How major web companies (and banks) handle passwords quite wrong

There’s a very interesting “movement” in password handling going on for a long time, the basic idea is to encourage people NOT to use passwords that consists of letters, numbers and special characters and use VERY LONG text only.

This may sound weird, as this is exactly the opposite of what every internet-using person has been teached all over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But it’s wrong.

There is this excellent “comic” describing quite good why special chars in a password are not really good:

Have a look on the excellent talk on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is, that even the biggest player, even banks, paypal etc. still rely on the old-school password judging. I’ve found an excellent article that shows disturbing results of the companies password strenght meter, just have a look (click for larger picture):

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Remember, these are some of the biggest internet-players, companies whose user accounts are extremely valueable for hackers!

Awesome.

Note: This article will get updates.

This article was written quite a while ago (9 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How major web companies (and banks) handle passwords quite wrong

Random articles

Leave A Comment Cancel reply

“Belt” adds very clever everyday functions to PHP, comes with JavaScript naming styles and eventually solves the needle/haystack problem

How blind people use websites (video with Sina Bahram, blind accessibility researcher)

Crossbrowser-safe HTML5 video (IE6+) with a few lines of code and just one .mp4 video file

How to setup a local server (in a virtual machine) with Vagrant in PHPStorm

MINI, an extremely simple barebone PHP application

How to center a div vertically and horizontally (modern methods, without fixed size!)

Material Design – How Google designed Android L (7min video)

Get visitor stats for your GitHub repo with BitDeli

[Link] How to create, read, update and delete (CRUD) with PDO, MySQLi and MySQL the right way (prepared statements)

Extremely simple deployment with PHPloy

SASSmeister is a real-time JSfiddle for SASS / CSS. Awesome!

Migrating Wikipedia to HHVM (@Scale Conference 2014)

The Times talks about Times New Roman (3min video)

How to show the available version of a package (before doing apt-get install)

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

How to fix the ugly font rendering in Google Chrome

How Instagram.com works

Interesting stats on SONY’s hacked passwords

Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS

All new features of WordPress 3.9 in this 2 minute video

Increase your PageSpeed score (10min video with Matt Gaunt)

Install MINI in 30 seconds inside Ubuntu 14.04 LTS

Sitepoint asks for your favourite PHP IDE – take part!

A super-simple introduction into PHP namespaces (7min video)

A super-simple Vagrant LAMP stack bootstrap (installable with one command)