Sign In

Communications of the ACM

ACM TechNews

Seventy-Five Percent of the World's Top Websites Allow Bad Passwords

View as: Print Mobile App Share:

The researchers remain uncertain about why so many popular websites still have subpar password policies.

Credit: Rafael Henrique/SOPA Images/LightRocket/Getty Images

Princeton University's Arvind Narayanan and colleagues found 75% of 120 top-ranked English-language websites permit weak passwords, while over half also allow 40 of the most common leaked and easily guessed passwords.

The researchers manually checked those 40 passwords on each site, choosing 20 from a randomized sampling of the 100,000 most frequently used passwords detected in data breaches, as well as the first 20 passwords guessed by a password cracker.

Just 15 sites blocked all 40 tested passwords, including Google, Adobe, Twitch, GitHub, and Grammarly.

Only 23 of the 120 sites provide strength meters that encourage users to create sufficiently strong passwords, while 54 sites still follow poorly rated password composition policies.

From New Scientist
View Full Article


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


No entries found