New Project: PasswordStandards.com

I’ve just registered the domain of passwordstandards.com as part of a new project. The goal of the endeavor is to call attention to online services that don’t allow their users to select decently strong passwords. This is especially crucial for services that are financial in nature or maintain other types of sensitive information.

Project Clarification

First things first — the main focus of this site is to allow users to select strong passwords, not to disallow them from selecting weak ones. Prohibiting weak passwords is important as well but will not be the focus of the project.

Basic Goals

• Maintain a list of offenders and regularly “encourage” those on the list to improve

• Have a few categories for the sites listed, e.g. financial, personal, etc.

• For each site show the existing, weak standard that they support, e.g. no capitalization, or no special characters

• Provide an interface for the community to submit sites for addition or deletion

The Mission Statement

So let’s agree on a general project statement. Here’s what I’m thinking:

Please allow at least the following:

1. Ten (10) total characters in length

2. Lowercase and uppercase letters

3. Numbers (0-9)

4. Basic special characters (to be agreed upon)

Thoughts?

Related posts:

1. Preparing to Release the OWASP IoT Top 10 2018 (Updated: Released)

2. 10 Behaviors That Will Reduce Your Risk Online

3. A 3-Tiered Approach to Securing Your Home Network

4. Primary Concern Theory