“More than half of the websites in the study accepted passwords with six characters or less, with 75% failing to require the recommended eight-character minimum. Around 12% of had no length requirements, and 30% did not support spaces or special characters.”
It’s 2023 and I still see signup forms that are like “must have at least one of each: number, lowercase letter, uppercase character, special character (but not
, . " & / + < > {} []
)”That, plus no single sign-on (privacy issues aside) and login flow design so bad that password managers don’t know what the fuck is going on, and it’s no wonder password security is still a huge issue.
My old domain registrar set an 7 character limit, no special characters of any kind. Just numbers and letters. This was back in 2020 🫠