"Largest Study of its Kind Shows Outdated Password Practices are Widespread"

According to a new Georgia Tech cybersecurity study on the current state of password policies across the Internet, three out of four of the world's most popular websites fail to meet minimum requirement standards, allowing tens of millions of users to create weak passwords. Researchers discovered that 12 percent of websites completely lacked password length requirements. They made this discovery using a first-of-its-kind automated tool that can assess a website's password creation policies. Assistant Professor Frank Li and Ph.D. student Suood Al Roomi in Georgia Tech’s School of Cybersecurity and Privacy developed the automated assessment tool to analyze all sites in the Google Chrome User Experience Report (CrUX). Li and Al Roomi's technique for inferring password policies was successful on over 20,000 sites in the database, revealing that many sites allow very short passwords, do not block common passwords, and use outdated requirements such as complex characters. This article continues to discuss the study "A Large-Scale Measurement of Website Login Policies."

Georgia Tech reports "Largest Study of its Kind Shows Outdated Password Practices are Widespread"

Submitted by grigby1