More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice or guidance on creating passwords that are less likely to be hacked.
Some still allow people to use the word 'password', while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.
Professor of Information Security Steve Furnell conducted the research, having carried out similar assessments in 2007, 2011 and 2014.
Have password restrictions ever helped?
(Score: 2) by DannyB on Wednesday July 18 2018, @03:29PM (1 child)
Management should buy in. If Snotnose can crack people's passwords, then so can someone else.
If management doesn't buy in, this is indicative of an attitude which makes it more likely that:
1. security is weak elsewhere
2. a hacker will penetrate your systems
3. they will steal your password file
4. the password file will be easy to crack, as Snotnose has demonstrated
5. Other system penetrations, data theft, malware installation, and other nefarious things will occur
If management doesn't buy in, then they need to be replaced. There is probably somewhere to report such poor security. (other than an anonymous online post)
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Wednesday July 18 2018, @11:05PM
Look at Dilbert's PHB and then, knowing what management should be doing, tell me by what likelihood they are actually going to do it.