Many popular websites still cling to password creation policies from 1985
2023-12-12 06:00

A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found.

The researchers used an automated account creation method to assess over 20,000 websites across the Tranco top 1M and evaluate the password creation policies users have to adhere to.

Why are weak password creation policies still so predominant? For several reasons, the researchers posit.

"If popular web software implemented recommended password policy configurations by default, many websites could be moved to stronger password policies."

The widely diverse password creation policies are likely a usability burden.

3,200 websites have copy-pasting disabled for either the email/username or the password field.

Hundreds of websites deploy typo-tolerant password authentication, which can be abused in password guessing, credential stuffing and tweaking attacks.


News URL

https://www.helpnetsecurity.com/2023/12/12/websites-passwords/