Study Finds Most Websites Don't Require Strong Passwords
A new study by password manager vendor Dashlane finds that 46 percent of consumer websites do not require strong passwords. The study assigned websites a score based on whether they required passwords of a certain length and complexity, offered a password strength assessment tool, resisted brute force attacks with CAPTCHA technology and required two-factor authentication. GoDaddy got a perfect score, but Netflix, Pandora, Spotify and Uber got zeroes.
However, in a recent interview, former National Institute of Standards and Technology (NIST) manager Bill Burr, who created much of the guidance on strong passwords, says that existing password recommendations don't actually make people more secure. “Much of what I did I now regret,” said Burr.