“More than half of the websites in the study accepted passwords with six characters or less, with 75% failing to require the recommended eight-character minimum. Around 12% of had no length requirements, and 30% did not support spaces or special characters.”

  • Technus@lemmy.zip
    link
    fedilink
    arrow-up
    35
    ·
    11 months ago

    It’s 2023 and I still see signup forms that are like “must have at least one of each: number, lowercase letter, uppercase character, special character (but not , . " & / + < > {} [] )”

    That, plus no single sign-on (privacy issues aside) and login flow design so bad that password managers don’t know what the fuck is going on, and it’s no wonder password security is still a huge issue.

    • meseek #2982@lemmy.ca
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      11 months ago

      My old domain registrar set an 7 character limit, no special characters of any kind. Just numbers and letters. This was back in 2020 🫠