Many websites allow passwords equal to username or e-mail address. Is this not a security risk?
I’m currently testing password policies on websites to get a feeling for what might be an acceptable policy/trade-off that provides good protection for our users without frustrating them.
I was surprised to find out that eac… Continue reading Many websites allow passwords equal to username or e-mail address. Is this not a security risk?