Princeton University's Arvind Narayanan and colleagues found 75% of 120 top-ranked English-language websites permit weak passwords, while over half also allow 40 of the most common leaked and easily guessed passwords.
The researchers manually checked those 40 passwords on each site, choosing 20 from a randomized sampling of the 100,000 most frequently used passwords detected in data breaches, as well as the first 20 passwords guessed by a password cracker.
Just 15 sites, including Google, Adobe, Twitch, GitHub, and Grammarly, blocked all 40 tested passwords.
Only 23 of the 120 sites provide strength meters that encourage users to create sufficiently strong passwords, while 54 sites still follow poorly rated password composition policies.
From New Scientist
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA