1. Forum
  2. SFNet
  3. SciFi Becomes Reality

  • Can't think of a good pas

    From Dumas Walker@42:17/1 to All on Sun Nov 9 10:28:15 2025
    Can't think of a good password for every account? It's not your fault - you
    can also blame the websites themselves, a new study says

    Date:
    Sat, 08 Nov 2025 21:29:00 +0000

    Description:
    Report finds widespread weak password enforcement across major websites, exposing users and industries to increased automated attacks.

    FULL STORY

    Many users struggle to create strong password credentials across multiple accounts because the broader digital ecosystem rarely pushes them toward
    secure choices, new research has claimed.

    A report from NordPass examining the one thousand most visited global
    websites online today, found most platforms still allow short and predictable passwords, creating conditions where weak habits become normal over time.

    Poorly enforced rules across major websites shape user behavior long before attackers exploit those gaps, and current standards do not reflect modern security realities.

    Weak enforcement across critical industries

    The internet teaches us how to log in and for decades, its been teaching us
    the wrong lessons. If a site accepts password123, users learn thats enough
    and its not, says Karolis Arbaiauskas, head of product at NordPass.

    The report reveals there are major inconsistencies in how websites approach password protection, with sectors handling sensitive information often performing the worst.

    Government, health, and food-related sites demonstrated some of the weakest policy requirements, even though these industries manage high-risk data.

    Unfortunately, these platforms sometimes focus on ease of onboarding, especially those promoting free website design or simplified setup models.

    NordPass reports that 58% of tested websites allow passwords without special characters, and 42% impose no minimum length, while 11% impose no
    restrictions whatsoever.

    Only 1% meet best-practice expectations by requiring longer, complex combinations that use character variety and case sensitivity.

    This means many platforms operate with dated credential policies that fail to match the pace of evolving threats.

    The analysis also notes that authentication technologies remain unevenly adopted across the web, creating further inconsistencies in user security.

    While 39% of websites support single sign-on, only a very small number have implemented passkeys, even though they are more resilient and user-friendly than traditional passwords.

    Security needs to be a partnership. Websites can shape safer habits by
    guiding users through better design like clear rules, visual indicators, or even modern authentication like passkeys, Arbaiauskas continues.

    NordPass identified just five websites that meet the strictest criteria
    defined by recognized standards, demonstrating how slowly secure design principles spread, even among high-traffic platforms, and the limited
    adoption of advanced methods contributes to a fragmented security landscape.

    The report warns weak enforcement makes users more vulnerable at a time when automated attacks are faster and more accessible.

    Inconsistent requirements create attack surfaces that artificial intelligence tools can exploit with ease.

    Also, reliance on simplified publishing systems, including those powered by
    an AI website builder , can weaken policy enforcement when security checks
    are deprioritized.

    These weaknesses can also extend beyond individuals, affecting companies, industries, and governments when low-quality passwords are reused across multiple systems.

    Strengthening digital hygiene, therefore, requires more than user awareness.
    It demands structural changes from the platforms that set the rules.

    To compensate for lax enforcement, users rely increasingly on tools such as a password manager to generate secure credentials.

    Password carelessness didnt appear out of nowhere. When websites stop
    demanding strong credentials, users stop creating them. What were really looking at is a cultural shift in both internet users and internet
    developers, says Arbaiauskas.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cant-think-of-a-good-password-for-every -account-its-not-your-fault-you-can-also-blame-the-websites-themselves-a-new-s tudy-says

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (42:17/1)