Password Management Security

75% of most popular websites allow password 12345678

75% of the most popular websites on the web allow weak passwords such as 12345678, abc123456, and P@$$w0rd. In addition, nearly half of these sites burden users by requiring a special character in their password. These are the findings of research by Princeton University into the password policies of popular websites.

For the study, the researchers looked at whether the 120 most popular English-language websites on the Internet adhere to password best practices. These include blocking weak passwords that appear in data breaches or are easy to guess, using a strength meter to give users real-time feedback on the strength of their passwords, and not forcing users to use special character types in their passwords. Only 15 of the top 120 sites surveyed, including Google, Adobe, Twitch, GitHub, and Grammarly, were found to follow these best practices.

The researchers used, among other things, a list of the 40 most leaked passwords. Half of the websites allow the use of all 40 weak passwords and another 19 sites allow more than half of these passwords. Furthermore, only 23 of the 120 websites use a strength meter and more than half require the use of certain characters, such as special characters and numbers.

Other studies show that requiring longer passwords and not requiring specific characters makes for stronger passwords. The US National Institute of Standards and Technology, which is responsible, among other things, for drawing up cybersecurity guidelines for the US government, advises websites not to require users to use certain characters in their passwords.

Since passwords still play an important role when logging in to accounts, the researchers advise websites to focus on the security and usability of passwords. For example, websites should do more to block weak passwords, abolish outdated password policies that require specific characters, and adjust misconfigured strength meters.

“Passwords have been explicitly researched, but few websites have implemented password policies that reflect the lessons learned,” said researcher Kevin Lee.
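
The following added example (not code from the study or from any of the surveyed sites) contrasts a legacy composition rule with a length-plus-blocklist check on the weak passwords named above. The blocklist is a constructed sample, and the minimum length and the look-alike substitution map are assumptions that go beyond what the article describes.

```python
import unicodedata

# Constructed sample blocklist: the three weak passwords named in the article
# plus one base word. A real deployment would load a full leaked-password list.
BLOCKLIST = {"12345678", "abc123456", "p@$$w0rd", "password"}
MIN_LENGTH = 8  # assumed minimum, not a figure from the study

# Assumed substitution map used to catch look-alike variants of listed words.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e"})


def composition_policy(password: str) -> bool:
    """Legacy rule: length plus at least one digit and one special character."""
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() and not c.isspace() for c in password)
    return len(password) >= MIN_LENGTH and has_digit and has_special


def blocklist_policy(password: str) -> tuple[bool, str]:
    """Length plus blocklist check, with no character-class requirements."""
    if len(password) < MIN_LENGTH:
        return False, "too short"
    # Normalize so case and Unicode compatibility forms cannot dodge the list.
    folded = unicodedata.normalize("NFKC", password).casefold()
    if folded in BLOCKLIST or folded.translate(LEET) in BLOCKLIST:
        return False, "on the leaked-password blocklist"
    return True, "ok"


def compare(passwords):
    """Return {password: (legacy_accepts, blocklist_accepts)}."""
    return {p: (composition_policy(p), blocklist_policy(p)[0]) for p in passwords}


if __name__ == "__main__":
    samples = ["12345678", "abc123456", "P@$$w0rd", "P@ssw0rd",
               "correct horse battery staple"]
    for pw, (legacy, modern) in compare(samples).items():
        print(f"{pw!r:32} legacy={legacy!s:5} blocklist={modern}")
```

The composition rule accepts P@$$w0rd and rejects the long passphrase, while the blocklist check does the opposite.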