this post was submitted on 27 Nov 2023
261 points (97.8% liked)

Technology

59086 readers
3677 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
261
Largest Study of its Kind Shows Outdated Password Practices are Widespread (www.cc.gatech.edu)
submitted 11 months ago by L4s@lemmy.world to c/technology@lemmy.world
48 comments fedilink hide all child comments
 

Largest Study of its Kind Shows Outdated Password Practices are Widespread::undefined

you are viewing a single comment's thread
view the rest of the comments
[–] lolola@lemmy.blahaj.zone 111 points 11 months ago (17 children)

The article focuses on password requirements that websites implement, not user behaviors. Common bad practices mentioned:

  • Permit very short passwords
  • Do not block common passwords
  • Use outdated requirements like complex characters
[–] Kengaro0@lemmy.world 18 points 11 months ago (14 children)

Complex characters are outdated? It also refers to special characters but I guess that's what I was thinking of. So special characters are in, so what is a complex character then?

[–] 9point6@lemmy.world 55 points 11 months ago (5 children)

Length is the most important thing, everything else is somewhat secondary. We should be shifting thinking of this to passphrases rather than passwords.

I'm sure most of us have seen the "correct horse battery staple" XKCD, but that's what people really need to think of as passwords now, not my-favourite-celebrity-but-with-the-"e"-changed-to-"3"-and-an-exclamation-mark-at-the-end.

[–] wavebeam@lemmy.world 14 points 11 months ago (2 children)

Nah fuck that. Sites need to adopt this passkeys instead. It’s an impossible task for people to have unique credentials for every site, even if they are “memorable”. This is a design issue not a personal responsibility one. When designing for large volumes of people, you have to assume that the majority will do something easy and stupid over difficult and smart.

[–] GissaMittJobb@lemmy.ml 15 points 11 months ago (1 children)

Until they do, password managers get you most of the way there, by letting you have a single password on your side, mapping to one password for each login. Bitwarden is great, and free.

[–] laurelraven@lemmy.blahaj.zone 11 points 11 months ago

Bitwarden is the way

[–] themoonisacheese@sh.itjust.works 10 points 11 months ago

Sites need to stop needing an account for everything. My haveibeenpwnd is full of sites that I can't believe had my email in the first place. Obviously I gave it to them but like cmon

load more comments (2 replies)
load more comments (10 replies)
load more comments (12 replies)