Most Major Websites Encourage Terrible Passwords

Status
Not open for further replies.

jhansonxi

Distinguished
May 11, 2007
525
0
18,930
0
What I hate is web sites that don't indicate what passwords are acceptable. They'll let you enter whatever you want but then silently ignore characters they don't like and truncate the password to their unstated lenght limit. You find this out the next time you try to login.
 

senkasaw

Distinguished
Aug 2, 2010
37
0
18,590
1
While it is sad that so many people use terrible passwords, I don't see it as the websites' job to force them to use good ones.
 

none12345

Honorable
Apr 27, 2013
37
0
10,580
0
Oddly enough sites requiring at least 1 number, one capital etc....are less secure. Most people will put the capital letter first, and the number on the end. Knowing this, you have just made the password easier to guess, not harder. You narroed the first character from 26 lower case, 26 upper case, and 10 decimal = 62 possibilites to only 26, the capital letters, and you narrowed the last one from 62 to 10. It will still likely be a common word or words inbetween.
 

brucek2

Distinguished
Dec 31, 2008
21
0
18,560
0
On the vast majority of sites that have ever asked me to create an account, my account and everything stored within it is absolutely worthless. Yet some of them insist on requiring an unwieldy password, which I will never remember in my head, so I end up having to write it down somewhere which is immediately unsecure.

The best system to me is one where I can use whatever convenient, "screen door" level protection password I want for this tier of account, which is the vast majority of them.

Then, for the relatively few that are valuable and/or sensitive, I can pick unique, complex passwords that are worth memorizing and that I won't be tempted to re-use on the next junk level account.
 

Christopher1

Distinguished
Aug 29, 2006
197
0
18,640
1
Oddly enough sites requiring at least 1 number, one capital etc....are less secure. Most people will put the capital letter first, and the number on the end. Knowing this, you have just made the password easier to guess, not harder. You narroed the first character from 26 lower case, 26 upper case, and 10 decimal = 62 possibilites to only 26, the capital letters, and you narrowed the last one from 62 to 10. It will still likely be a common word or words inbetween.
Which will not matter as long as the passwords are PROPERLY encrypted AND there is a log-in limit (i.e. only 5 log-in attempts in an hour or 6 hour period per account) on the website in question.
 

Darkk

Distinguished
Oct 6, 2003
253
0
18,930
0
Folks... regardless on how each website employ's it's own password protection scheme you should NEVER EVER use the same user ID and password on another website. If you can't manage password then use third party software like keepass.

If you did use simple passwords and same user ID everywhere else you deserve for the accounts get hacked. This is NOT the fault of the website as it did warn you NOT to use same user ID and password on another website.
 

Eisbrecher34

Honorable
Feb 14, 2012
10
0
10,560
0
I bet fifty bucks that one of the guys running the tests uses a "11111" or something of the sort. It's just human nature to keep things simple.
 

randomizer

Distinguished
Moderator
Jul 24, 2006
880
0
19,260
62
What I hate is web sites that don't indicate what passwords are acceptable. They'll let you enter whatever you want but then silently ignore characters they don't like and truncate the password to their unstated lenght limit. You find this out the next time you try to login.
I've seen worse; a bank that accepted at least 20 characters when creating the password, but only allowing 16 characters when logging in. No truncation, just no ability to enter a matching password. I've also recently seen a credit union that only allows passwords of 6-10 characters, and only with digits.

Financial institutions also seem to have a fixation with requiring secret questions and answers, usually asking questions for which the answers are often on Facebook. Why bother cracking a password when you just need to find the name of the person's pet?

The companies for which security is paramount provide the worse security.
 

ithurtswhenipee

Distinguished
Mar 6, 2010
57
0
18,580
0
It is the individual's responsibility to make secure passwords, but in general people are stupid. So the websites are forced to hand-hold it's users and force good passwords. Given that people aren't going to get much smarter anytime soon - that needs to be done. The real problem on the website's end are the ones that actually force simpler passwords. I always make my passwords that are a random string of 8 or more characters (uppercase, lowercase, numbers, symbols), then I come across a site that tells me I can't have special characters or my password needs to start with a number
 

gm0n3y

Distinguished
Mar 13, 2006
1,549
0
19,730
0
It seems to me that insecure passwords aren't really much of a risk. Sites just need to limit login attempts and users need to not reuse passwords. The problem is of course that who can remember the dozens of passwords needed for various websites.

My biggest annoyance with passwords is with a credit card system that I've used that has online password verification. Since it deals with money I make sure to put a very secure password on the account. Since almost no sites require this additional verification, a few months later when I need to use it again, I can't remember the password. I get it wrong three times and they completely lock down my account, requiring me to call them to reset my password. Of course it's a weekend and the call centre is only open during business hours (M-F 9-5). So I wait until Monday and call them while I'm at work. They ask for the balance on my last bill which I don't have with me at work. So I have to track down my old bill and bring it to work the next day so I can call again. Finally I can actually make the purchase that I tried to make a few days before. Then a few months later I try to use the system again and the same thing happens. So bloody annoying.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
S Streaming Video & TVs 2
R Streaming Video & TVs 2
A Streaming Video & TVs 2
G Streaming Video & TVs 3
G Streaming Video & TVs 4
Z Streaming Video & TVs 17
G Streaming Video & TVs 36
exfileme Streaming Video & TVs 38
exfileme Streaming Video & TVs 11
G Streaming Video & TVs 5
G Streaming Video & TVs 13
JMcEntegart Streaming Video & TVs 30
exfileme Streaming Video & TVs 9
Marcus Yam Streaming Video & TVs 20
Marcus Yam Streaming Video & TVs 16
Marcus Yam Streaming Video & TVs 74
JMcEntegart Streaming Video & TVs 55
JMcEntegart Streaming Video & TVs 26
exfileme Streaming Video & TVs 20
exfileme Streaming Video & TVs 13

ASK THE COMMUNITY