Weak Password Requirements

Overview

Weak password policies allow short, common, or predictable passwords.

Impact

This increases the success rate of brute-force, credential stuffing, and dictionary attacks.

Countermeasures

Require sufficient length, block known compromised passwords, rate-limit attempts, and support multi-factor authentication.

Examples

// Unsafe example: the password is read from the request and accepted as-is,
// with no length, complexity, or compromised-password check.
try {
    String id = request.getParameter("id");
    String passwd = request.getParameter("passwd");
}
catch (SQLException e) { ...... }

// Safe example: reject an empty password, then require a minimum length and
// a special-character sequence before the password is accepted.
// Note that indexOf("@!#") only matches that literal sequence; a real policy
// should accept any special character rather than one fixed string.
try {
    String id = request.getParameter("id");
    String passwd = request.getParameter("passwd");
    if (passwd == null || "".equals(passwd))
        return;
    if (!passwd.matches("") && (passwd.indexOf("@!#") > 0) && (passwd.length() > 7)) {
        ...
    }
} catch (SQLException e) { ...... }
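The countermeasures listed above (length, compromised-password blocking, rate limiting), written as a reusable policy class that the safe example's handler could call, as an added Java example that is not code from the original page. The PasswordPolicy class, its MIN_LENGTH and MAX_FAILURES values, and the COMPROMISED entries are all assumptions; the set is a constructed stand-in for a real breached-password list.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Added example: a policy check the request handler above can call before
// storing or verifying a password. Thresholds here are assumptions.
public final class PasswordPolicy {
    private static final int MIN_LENGTH = 12;
    private static final int MAX_FAILURES = 5;
    // Constructed sample entries; load a full breached-password corpus in practice.
    private static final Set<String> COMPROMISED = Set.of(
        "password1234", "123456789012", "qwerty123456", "welcome12345");

    // Failed login attempts per account id, used for simple rate limiting.
    private final ConcurrentHashMap<String, AtomicInteger> failures = new ConcurrentHashMap<>();

    /** Returns the policy violations; an empty list means the password is acceptable. */
    public List<String> validate(String id, String passwd) {
        List<String> problems = new ArrayList<>();
        if (passwd == null || passwd.isEmpty()) {
            problems.add("password is required");
            return problems;
        }
        String lower = passwd.toLowerCase(Locale.ROOT);
        if (passwd.length() < MIN_LENGTH)
            problems.add("must be at least " + MIN_LENGTH + " characters");
        if (COMPROMISED.contains(lower))
            problems.add("appears in a known compromised-password list");
        if (id != null && !id.isEmpty() && lower.contains(id.toLowerCase(Locale.ROOT)))
            problems.add("must not contain the user id");
        int classes = 0;
        if (passwd.chars().anyMatch(Character::isLowerCase)) classes++;
        if (passwd.chars().anyMatch(Character::isUpperCase)) classes++;
        if (passwd.chars().anyMatch(Character::isDigit)) classes++;
        if (passwd.chars().anyMatch(c -> !Character.isLetterOrDigit(c))) classes++;
        if (classes < 3)
            problems.add("must mix at least three of: lowercase, uppercase, digit, symbol");
        return problems;
    }

    /** Records a failed login; returns true once the account should be throttled. */
    public boolean recordFailure(String id) {
        return failures.computeIfAbsent(id, k -> new AtomicInteger()).incrementAndGet() >= MAX_FAILURES;
    }

    /** Resets the failure counter after a successful login. */
    public void recordSuccess(String id) { failures.remove(id); }
}
```

When recordFailure returns true the handler should stop verifying that account's password until the throttle window passes, and multi-factor authentication should still be required regardless of the policy result.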