The worst passwords of 2023 are also the most common, “123456” comes in first::undefined

  • ricecake@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    There was a belief, before the advent of ubiquitous password managers, that allowing passwords to be “too long” would result in people forgetting their password more often, entering it wrong, or some combination which would increase reset requests and ultimately cause people to use worse passwords. Basically “you can’t remember a 54 character random password, and you’re gonna get pissed and switch to a six character predictable word”.

    This is now obviously a terrible line of reasoning, but it was only middling bad at the time.

    • JustAnotherRando@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Oh, i guess that makes some sort of sense - obviously I disagree with the conclusion, but I understand it - but it’s beyond frustrating when you think “maybe I’ll pay this bill online” and see that limit. And even if that is the reasoning for the limit, if they haven’t updated their requirements in all that time, I have little faith that they’re storing my sensitive information securely.

      • __init__@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I feel like most of the sites I’ve seen password limits like this on are financial in nature, where it’s all theatrics - the appearance of security takes precedence over (and in some cases comes at the expense of) actual security.