Topic: 75 per cent of the world's top websites allow bad passwords
Issue 2022, page 7

Passwords: 75 per cent of the world's top websites allow bad choices | New Scientist




Three-quarters of the world’s most popular English-language websites still allow people to choose the most common passwords, such as “abc123456” and “P@$$w0rd”.


More than half of the 120 top-ranked websites also allow all 40 of the most common leaked and easily guessed passwords. The sites include popular shopping portals such as Amazon and Walmart, social media app TikTok, video streaming site Netflix and the company Intuit, maker of the tax-return software TurboTax that millions of people in the US use.


Amazon told New Scientist that it recommends users set up two-step verification and that the company may “require additional authentication challenges during sign-in” if it detects a security risk. Intuit chief architect Alex Balazs said he would investigate the findings and highlighted Intuit’s use of multi-factor authentication and fraud detection. The other companies mentioned above did not respond to New Scientist’s request for comment.


“It’s tempting to conclude that companies just don’t care about users’ security, but I don’t think that’s right… letting accounts get hacked is not at all in their interest,” says Arvind Narayanan at Princeton University.


To perform the analysis of English-language websites ranked as popular by various internet services, Narayanan and his colleagues manually checked 40 passwords on each site. Using each site’s password requirements, they selected 20 passwords from a randomized sampling of the 100,000 most frequently used passwords found in data breaches, along with the first 20 passwords guessed by a password cracking tool.


Only 15 websites blocked all 40 of the tested passwords. These included Google, Adobe, Twitch, GitHub and Grammarly.



Read more: https://www.newscientist.com/article/2325880-75-per-cent-of-the-worlds-top-websites-allow-bad-passwords/



How many websites out of 120 top-ranked websites allow people to choose the most common passwords?
What are examples of those websites?
What does Amazon recommend to its users?
What websites blocked all 40 of the tested passwords?


What images are in your mind when you hear the word 'password'?
Why do you think people continue to use weak and easily guessed passwords?
Do you think websites are concerned about users’ security?
How difficult is your password?
How much do you worry about online security?
Have you ever had problems online?
What do you think of the idea of passwords?
Have you ever forgotten your password?
What do you think of the Web Authentication system?


authentication - The process or action of proving or showing something to be true, genuine, or valid.
detect - discover or identify the presence or existence of.
randomized - made random; chosen or arranged in a random order.
data breaches - an incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner.
password crack - process of using an application program to identify an unknown or forgotten password to a computer or network resource.