Submission + - Nearly half of top 1,000 websites have no password length requirements (scworld.com)
spatwei writes: At least 42% of the top 1,000 most-visited websites have weak password requirements, according to research published by NordPass on Wednesday.
NordPass’ research looked at sites from Ahrefs’ list of the top 1,000 most visited websites based on monthly visits from organic search between Feb. 26 and March 6, 2025. Nearly two-third of these sites (61%) allow users to log in with a password.
The study found that only five websites out of the top 1,000 enforced minimum password length, special characters and case sensitivity requirements together, while 58% did not require special characters and 42% did not have minimum password length requirements.
“The internet teaches us how to log in and for decades it’s been teaching us the wrong lessons. If a site accepts ‘password123,’ users learn that’s enough and it’s not. People normalized minimal effort for maximum risk,” NordPass Head of Product Karolis Arbaciauskas said in a statement provided to SC Media.
The research further found that 11% of websites have no requirements at all for password creation, and just 2% support passkeys as a more secure alternative to passwords. A little more than a third (39%) offered a single sign-on (SSO) option, mostly through Google.
NordPass’ research looked at sites from Ahrefs’ list of the top 1,000 most visited websites based on monthly visits from organic search between Feb. 26 and March 6, 2025. Nearly two-third of these sites (61%) allow users to log in with a password.
The study found that only five websites out of the top 1,000 enforced minimum password length, special characters and case sensitivity requirements together, while 58% did not require special characters and 42% did not have minimum password length requirements.
“The internet teaches us how to log in and for decades it’s been teaching us the wrong lessons. If a site accepts ‘password123,’ users learn that’s enough and it’s not. People normalized minimal effort for maximum risk,” NordPass Head of Product Karolis Arbaciauskas said in a statement provided to SC Media.
The research further found that 11% of websites have no requirements at all for password creation, and just 2% support passkeys as a more secure alternative to passwords. A little more than a third (39%) offered a single sign-on (SSO) option, mostly through Google.
Nearly half of top 1,000 websites have no password length requirements More Login
Nearly half of top 1,000 websites have no password length requirements
Slashdot Top Deals