It is important to set strong passwords even if a website’s password policy does not require it. Ending a password with an “*” or “$” is one good technique, along with using differing passwords for each website. This article evaluates strong and weak password protection policies among major websites.
QUOTE: Dashlane’s researchers analyzed the password policies of more than 80 popular websites, awarding points for policies that improve security and deducting points for risky policies. For example, a site that sends a confirmation email after password change earns 10 points, but a site whose notification includes the password in plain text loses 30 points. A site that accepts passwords of three character or shorter loses 5 points; one that requires at least eight characters gains 20 points.
The possible range of scores runs from a perfect 100 points down to a dismal -100 points. Dashlane considers a site reasonably secure if it earned at least 50 points. Only 14 percent of the surveyed sites managed that feat, and 53 percent earned negative scores. Unless forced to do better by a site’s password policies, many people still use terrible passwords like “password,” “123456,” and “qwerty.” Dashlane identified the ten worst offenders and dinged each site by 2.5 points for each that was accepted. More than 40 percent of the sites accepted all ten. A handful blocked almost all, but tripped up on “abc123.”