How major web companies (and banks) handle passwords quite wrong

There’s a very interesting “movement” in password handling going on for a long time, the basic idea is to encourage people NOT to use passwords that consists of letters, numbers and special characters and use VERY LONG text only.

This may sound weird, as this is exactly the opposite of what every internet-using person has been teached all over the years, even by the biggest websites on the planet, even by banks and high-risk applications.

But it’s wrong.

There is this excellent “comic” describing quite good why special chars in a password are not really good:

Have a look on the excellent talk on security.stackexchange.com about that:
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase

The really weird thing is, that even the biggest player, even banks, paypal etc. still rely on the old-school password judging. I’ve found an excellent article that shows disturbing results of the companies password strenght meter, just have a look (click for larger picture):

Find the full article here:
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Remember, these are some of the biggest internet-players, companies whose user accounts are extremely valueable for hackers!

Awesome.

Note: This article will get updates.

How major web companies (and banks) handle passwords quite wrong

MINI2, an extremely simple barebone PHP application on top of Slim

Get Github’s code colors in PHPStorm (2014 style)

8 awesome pure CSS spinner / loader

A preinstalled Vagrant box with PHP HipHop / HHVM and Ubuntu 13.10 (Saucy Salamander)

How to install / setup PHP 5.5.x on Ubuntu 12.04 LTS

You made a mess with Git ? Here’s a flowchart guideline on how to fix

How to enable mod_rewrite in Ubuntu 14.04 LTS

Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS

Increase your PageSpeed score (10min video with Matt Gaunt)

Support FLARUM, the future of PHP forum scripts (with some dollars on Kickstarter)

Awesome next-gen PS4 graphics in “The Order: 1886”

How to setup a config-free WordPress, PHP and MySQL (for local development) in Windows 7 / 8 in under 3 minutes

How to copy Vagrant boxes (or duplicate them)

Test out PHP 5.6alpha1 on Windows 7 / 8 with two clicks

Beautiful, minimal WordPress theme ZUKI by Elmastudio (with 30% discount)

Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)

How to install GitHub’s, NetBeans’s and Sublime2’s syntax highlighting code colours theme in PHPStorm 6/7

Composer problems ? Try full reset !

Push database changes to all clients in real-time (!) with AngularJS and Firebase

Frontend Ops Conf 2014 – Sarah Goff-Dupont: Git, Continuous Integration and Making It Pretty (31min video)

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

First view on Zend Framework 3 by Matthew O’Phinney

Joshua Davis – my hero of Flash – in two excellent interviews (audio, video)

All new features of WordPress 3.9 in this 2 minute video

How to install PHP curl extension (in 5 seconds)