How major web companies (and banks) handle passwords quite wrong
There’s a very interesting “movement” in password handling going on for a long time, the basic idea is to encourage people NOT to use passwords that consists of letters, numbers and special characters and use VERY LONG text only.
This may sound weird, as this is exactly the opposite of what every internet-using person has been teached all over the years, even by the biggest websites on the planet, even by banks and high-risk applications.
But it’s wrong.
There is this excellent “comic” describing quite good why special chars in a password are not really good:
Have a look on the excellent talk on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase
The really weird thing is, that even the biggest player, even banks, paypal etc. still rely on the old-school password judging. I’ve found an excellent article that shows disturbing results of the companies password strenght meter, just have a look (click for larger picture):
Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
Remember, these are some of the biggest internet-players, companies whose user accounts are extremely valueable for hackers!
Awesome.
Note: This article will get updates.
Random articles
Interesting stats on SONY’s hacked passwords
Microsoft enters post-password era with Hello (promo video)
Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)
Google I/O 2014 – HTTPS Everywhere (video)
DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)
Hacking ATMs – A conference talk about the current security state of Windows XP driven cash machines
First view on Zend Framework 3 by Matthew O’Phinney
-30% to -90% on Steam and Origin
Preview-release of (my) “php-mvc” project (a simple php mvc barebone)