More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice guidance on creating passwords that are less likely to be hacked.
Some still allow people to use the word 'password', while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.
Professor of Information Security Steve Furnell conducted the research, having carried out similar assessments in 2007, 2011 and 2014.
Have password restrictions ever helped?
(Score: 2) by bob_super on Tuesday July 17 2018, @07:51PM (1 child)
Citibank requires a "special character" and a number, but the actual letters are not case-sensitive ...
Someone must have decided that the additional security was not worth the "call because caps lock" stats.
(Score: 0) by Anonymous Coward on Wednesday July 18 2018, @01:24AM
Fun fact, my back used to be special character insensitive. If you typed a "5" instead of a "%" or a "/" instead of a "?" it would accept it anyway. Unlike case-insensitivity, that had to have taken a monumental bit of effort to code around people being bad typists.