“More than half of the websites in the study accepted passwords with six characters or less, with 75% failing to require the recommended eight-character minimum. Around 12% had no length requirements, and 30% did not support spaces or special characters.”

  • Technus@lemmy.zip
    1 year ago

    It’s 2023 and I still see signup forms that are like “must have at least one of each: number, lowercase letter, uppercase character, special character (but not , . " & / + < > {} [] )”

    That, plus no single sign-on (privacy issues aside) and login flow design so bad that password managers don’t know what the fuck is going on, and it’s no wonder password security is still a huge issue.

    • ultratiem@lemmy.ca
      1 year ago

      My old domain registrar set a 7 character limit, no special characters of any kind. Just numbers and letters. This was back in 2020 🫠

  • dhtseany@lemmy.ml
    1 year ago

    Cool now talk about how shitty banks block auto-fill on their login forms which keeps you from using it with your password managers. Oh, and no, you can’t paste into those fields either cuz “security”.

  • inetknght@lemmy.ml
    1 year ago

    If a website requires so few characters that I have to create a custom rule in my password manager for it… then it’s a website I’m strongly inclined not to use.

    Sadly, a lot of these websites deal with finances or employment.

      • wincing_nucleus073@lemm.ee
        1 year ago

        You know what’s funny? In PayPal you are not even allowed to make a secure password. They have a short character limit.

        • Pantherina@feddit.de
          1 year ago

          Yesss my shortest Password. Fuck Paypal I only have it for weird stuff and that Indian Developer that still maintains LineageOS Android 14 for my Nokia phone

  • AutomaticJack@beehaw.org
    1 year ago

    I’ve come across a few sites that require one upper case, one number and one symbol (from a short list). Not at least one of each, no no, precisely one of each. One site even forced the password length to be exact -_-

  • TrickDacy@lemmy.world
    1 year ago

    If we could audit individuals’ passwords across services, I’ll bet the duplicate and weak passwords found would likely be terrifying.