Ask HN: Is there a public shaming list for websites with bad password policies?

2 points

10 years ago

I use password generation algorithms, so that I can have unique but memorable passwords to every site that I use. (NOTE: I don't like using random password generators, because I often have to access sites from different computers, and password keepers are not always conducive to this. For that matter, I prefer to be the only one who knows all of my passwords!)

Sometimes websites have password policies that I'm sure they believe to be enforcing security, when in reality it requires me to use a less-secure password than I otherwise would. I got bit by this again last night, and I want to do something to let these companies know that their password policies are limiting security at best, and at worst indicate poor password storage procedures.

Quite frankly, I would like to name-and-shame them somewhere, and I assume that here is as good a place as any. Please add to this list (or point out another place where their misdeeds can be publicly aired!).

walmart.com limits my password to 12 characters. (also implies that passwords are stored in a retrievable manner)

2 comments