Security News GoDaddy Has the Best Password Practices, Netflix, Spotify, Uber Have the Worst

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The team at Dashlane — a password manager app — has analyzed the password policies of 40 popular online services and has discovered that not all websites are alike when it comes to password security, but some are worse than others.

In their latest study, researchers registered accounts on 40 sites and recorded which websites follow five simple rules:

✑ Does the website require users to have passwords that are 8 or more characters?
✑ Does the website require users to have passwords with a combination of letters, numbers, and symbols?
✑ Does the website provide an on-screen password strength meter to show users how strong their password is?
✑ Does the website feature brute-force protection as to allow 10 incorrect login attempts without providing additional security (CAPTCHA, account lockout, 2-Factor, etc.)?
✑ Does the website support 2-Factor Authentication?
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
I don't agree with that "study's" conclusion, since it follows along the lines of AV-Comparatives in the trend to dumb down users instead of educating them.

It'd be justified to downrate services that don't allow the usage of long passwords or all kinds of characters. I always wonder why some limit you to like 8 characters and/or can't handle symbols.

I'm all for 2FA and brute-force protection server-side, but it's up to me to choose a password. And if it's for something silly like Netflix, I want something I can remember, because I need to input it into like a thousand different devices (PCs, Mac, iPhone, iPad, AppleTV, etc.) The last thing I need is Netflix telling me I need a 90 character password with 75 different symbols. I think I'd rather cancel the service than having to deal with that. After all, this isn't my bank account either and if somebody where to hack it, I'd simply request a password reset. No harm done.

As for GoDaddy, we're talking about the provider who'll offer you on a plate to any agency as soon as they as much as think about ringing them up about you. That's just how "secure" they are. :D
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top