Believe it or not, there is still a large number of people who use passwords such as “password,” “password123”, “[dog’s name]1” and others along the same lines. And in the era of sophisticated hacking, these passwords are not exactly “safe.”
Before me, this is the first thing websites should inform you while setting up a password. But apparently, many big names are not doing enough to encourage non-terrible passwords, according to the new research.
Steve Furnell from the University of Plymouth has been keeping tabs on the websites like Amazon, Reddit, and Wikipedia for many years, carrying out similar assessments in 2007, 2011 and 2014.
His 2018 survey examined practices of Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live, and Netflix. The study concluded that Amazon had the worst performance among all the names. It nearly accepted every kind of password of any length. On the other hand, Yahoo and Wikipedia even allowed passwords with single characters.
On the contrary, the survey saw Google, Yahoo and Microsoft showing improvements in the password practices from the last study of 2014.
Steve thinks it is alarming that after a decade of continuously highlighting the issues, essential websites on the internet fail to encourage for good passwords in the era of global cyber attacks. However, what could be seen as a positive thing is the increasing presence of options like two-step verification and two-factor authentication among others.
“With over ten years between the studies, it is somewhat disappointing to find that the overall story in 2018 remains largely similar to that of 2007. In the intervening years, much has continued to be written about the failings of passwords and the ways in which we use them, but little is being done to encourage or oblige us to follow the right path,” says Steve in his research.