This article was written on March 18, 2023. It covers changes to password rules that researchers have identified. For example, don’t use passwords that could be easily guessed. The research also recommends a short list of new guidelines. Here are some statistics from this study:
- 75% of the examined websites did not stop users from using the most common passwords like “abc123456” and “P@$$w0rd.”
- 45% require specific characters, a rule that potentially frustrates users and is not worth the small benefit in security.
- 19% of the websites used in the study had password strength meters, a valuable security tool for users. And even among those, the meters pushed users to use certain characters rather than focusing on overall stronger passwords.
Under Security, here are their recommendations:
- Allowed five or fewer of the 40 most common leaked passwords and easiest-to-guess passwords (such as “12345678”, “rockyou”) researchers tried.
- Required passwords be no shorter than eight characters or employed a password strength meter to gauge a password’s resilience against threat actors who attempt to guess it.
Under usability:
- Did not impose any character-class requirements such as “at least one digit and one special character.”
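
To make the recommendations above concrete, here is an added example (not code from the article or the study) that audits two password policies against a probe list, the way the security criterion is phrased. The function names are hypothetical, and the probe list is a constructed stand-in for the study's 40 passwords: only the first four entries appear in this post.

```python
import string

# Constructed probe list. The first four passwords are quoted in the post;
# the rest are illustrative stand-ins for the study's 40-password list.
PROBES = ["abc123456", "P@$$w0rd", "12345678", "rockyou", "Password1!",
          "Qwerty123!", "Welcome1!", "Passw0rd!", "Iloveyou1!", "Admin123!"]


def composition_policy(pw):
    """Character-class rules only: 8+ chars with upper, lower, digit, special."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def make_blocklist_policy(blocklist, min_length=8):
    """Recommended shape: minimum length plus a blocklist, no class rules."""
    blocked = {p.casefold() for p in blocklist}

    def policy(pw):
        return len(pw) >= min_length and pw.casefold() not in blocked

    return policy


def audit(policy, probes=PROBES):
    """Return the probe passwords that the policy would accept."""
    return [p for p in probes if policy(p)]


def passes_security_check(policy, probes=PROBES, max_allowed=5):
    """Security criterion from the post: five or fewer probes accepted.

    The post's threshold is measured against 40 passwords; this constructed
    list is shorter, so the result here is illustrative only.
    """
    return len(audit(policy, probes)) <= max_allowed


if __name__ == "__main__":
    blocklist_policy = make_blocklist_policy(PROBES)
    for name, policy in [("composition", composition_policy),
                         ("blocklist", blocklist_policy)]:
        print(name, audit(policy), passes_security_check(policy))
```

The character-class policy accepts “P@$$w0rd” and similar decorated passwords while rejecting a long lowercase passphrase; the blocklist policy does the opposite.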
There’s more, so let’s make sure we’re as security conscious as possible. We can all improve, including by not using the same password across sites.
The article is titled “New password rules to secure your accounts” and I hope you enjoy it!
Please feel free to view the entire article and thanks for reading!
Edited 22:40 to fix list issue, link to article. Sorry about that!