“Three out of four of the world’s most popular websites are failing to meet minimum requirement standards” for password security, reports Georgia Tech’s College of Computing. Which means three out of four of the world’s most popular web sites are “allowing tens of millions of users to create weak passwords.”
Using a first-of-its-kind automated tool that can assess a website’s password creation policies, researchers also discovered that 12% of websites completely lacked password length requirements. Assistant Professor Frank Li and Ph.D. student Suood Al Roomi in Georgia Tech’s School of Cybersecurity and Privacy created the automated assessment tool to explore all sites in the Google Chrome User Experience Report (CrUX), a database of one million websites and pages.
Li and Al Roomi’s method of inferring password policies succeeded on over 20,000 sites in the database and showed that many sites:
– Permit very short passwords
– Do not block common passwords
– Use outdated requirements like complex characters
The researchers also discovered that only a few sites fully follow standard guidelines, while most stick to outdated guidelines from 2004… More than half of the…
