I take password security very seriously. I’ve already written about how people can improve their password habits to keep themselves safe. This piece, however, is for those of you who build websites which provide password-related functionality. This is a list of password crimes that some websites commit. I’ve described these crimes, then point out some criminals (a.k.a., websites) which commit these crimes.
(This list is not guaranteed to continue to be up-to-date. This post represents a snapshot in time, and is accurate as of early June 2014 when the first draft of this post was written.
I learned at a relatively young age what makes a good password versus a bad password, and I’ve tried to always use these qualities in the passwords that I choose. The Problem Unfortunately, even with the best intentions, you inevitably end up re-using one or a few passwords across every single website you log into. Some people do things as dumb as using the name of their significant other. Or their pet. Or a birthdate. Or something else equally guessable by one of the many supercomputers that exist (whereby “supercomputer”, I mean pretty much any computer invented in the past 5–7 years).