Security News > 2022 > July > 3rd Party Services Are Falling Short on Password Security
The analysis compared the password requirements against a subset of the Specops Breached Password Protection list, containing 1 billion known compromised passwords.
Zendesk does not perform a compromised password check, resulting in password being accepted.
Trello's password requirement is that a password must have at least 8 characters.
This is thanks to enforcing a complex password policy, although it is likely this level of complexity can cause other poor password behaviors such as password reuse and passwords being written down.
While Mailchimp would successfully block 98.7% of known breached passwords based on the password requirements alone, the fact that the service doesn't check for compromised passwords means that Password1!, a password that appears on Specops Breached Password Protection, is allowed.
With password policies baked in, shared vaults for more secure collaboration, and password generators that create and store secure options, they're a great alternative to putting the responsibility into your end-users hands.