More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice or guidance on creating passwords that are less likely to be hacked.
Some still allow people to use the word 'password', while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.
Professor of Information Security Steve Furnell conducted the research, having carried out similar assessments in 2007, 2011 and 2014.
Have password restrictions ever helped?
(Score: 2) by The Archon V2.0 on Wednesday July 18 2018, @03:21PM
Depends on the restriction. Stopping someone from using a 1 character pass or "password1" is reasonable IMO. However, I've seen some insane ones. One system used by HP in the early 2000s (no idea if it's still in use) would reject anything with a dictionary word anywhere in it. Including two letter words like "to", "at" and "AI". It almost forced you to use an alternating letter-number sequence for a password, unless you wanted to spend an hour changing letters one at a time (and then two at a time) and waiting for the system to either accept it or re-reject it, trying to figure out why "rXeLy013GBf2nh1" was "insecure".
Oh, and the password expired every three months. Almost everyone I knew just found something that worked and then incremented the final digit, meaning if you had an old password and a rough idea when it was from, you'd guess their current one in 1-3 guesses.
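
An added example, not part of the article or of the comment above: a sketch of a password check that blocks the weak choices the study names (single characters, 'password', the surname, a repeat of the user identity) by whole-string comparison, next to the substring dictionary rule the comment describes, plus a change-time check for the "increment the final digit" habit. The word lists, the minimum length, the function names and the sample passwords are assumptions constructed for illustration.

```python
import re

# Constructed sample data (assumptions, not from the study or any real system).
COMMON = {"password", "password1", "123456", "qwerty", "letmein"}
SHORT_WORDS = {"to", "at", "ai"}  # the two-letter words cited in the comment
MIN_LENGTH = 8  # assumed minimum; the page does not state one


def _stem(password):
    """Lower-cased password with any trailing run of digits removed."""
    return re.sub(r"\d+$", "", password).lower()


def check_password(candidate, username, surname, current=None):
    """Return a list of reasons to reject; an empty list means accepted."""
    reasons = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    # Whole-string comparison: reject only if the password *is* a common one.
    if lowered in COMMON:
        reasons.append("common password")
    if lowered in {username.lower(), surname.lower()}:
        reasons.append("matches user identity or surname")
    # At change time the user supplies the current password, so the
    # "same stem, new trailing number" habit can be caught without
    # keeping old passwords in plaintext.
    if current is not None and _stem(candidate) == _stem(current):
        reasons.append("same as current apart from trailing digits")
    return reasons


def substring_dictionary_hits(candidate, words=SHORT_WORDS):
    """The over-strict rule from the comment: flag a dictionary word anywhere."""
    lowered = candidate.lower()
    return sorted(w for w in words if w in lowered)
```

The constructed password "Tq7atZ9wAi3k" passes `check_password` but trips `substring_dictionary_hits` on "at" and "ai", which is the false-positive behaviour the comment complains about.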