If I wasn’t banging my head against a brick wall so hard, I might actually find this funny.
Consider this question.
"What's your favorite internet password?"
How would you feel if a website asked you to tell it what your favorite password is?
Richard Wang, one of the threat experts in SophosLabs, pointed me towards the UPSJobs website, where you can create a profile if you’re interested in investigating a career with the company.
As you can see in the video I made, it’s easy to create an account – but they don’t offer much help when it comes to choosing a sensible password to secure it.
Video: http://www.youtube.com/watch?v=cAy7ftogjtU
The UPSJobs site actually encourages you not to use a unique password, but instead to use a password that other people might be able to guess (such as the name of your most loved pet or movie).
What really gobsmacks me, however, is that they should prompt users to use their “favorite internet password”! That’s hardly a safe thing to encourage.
It actually gets worse. When I first created a profile on UPSJobs, and tried to use a half-decent password (one that contained extended characters such as exclamation marks and dollar signs), the site wouldn’t accept it as my password.
Again, by refusing to accept a more complex password they were actively encouraging me to choose a simpler, easier-to-hack password.
On many occasions Naked Security has written about how to choose a strong password, but it shouldn’t be forgotten that websites can do more to assist security too and help prevent innocent users from making unsafe choices.
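As an added example (not code from UPSJobs or from the original article), the Python below contrasts an assumed letters-and-digits-only rule, of the kind that would refuse exclamation marks and dollar signs, with a check that accepts any printable character and instead rejects short, commonly used or account-name-based passwords. The rule in `restrictive_check`, the length limits and the sample blocklist are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample blocklist; a real deployment would load a large
# list of breached and common passwords instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "starwars", "fluffy"}

MIN_LENGTH = 12   # assumed policy value, not taken from the article
MAX_LENGTH = 128  # generous cap so long passphrases are accepted


def restrictive_check(password):
    """Assumed 'before' rule: letters and digits only, so '!' and '$' are refused."""
    return re.fullmatch(r"[A-Za-z0-9]{6,12}", password) is not None


def check_password(password, username=""):
    """Return a list of reasons to reject the password; an empty list means accept."""
    problems = []
    pw = unicodedata.normalize("NFKC", password)
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if len(pw) > MAX_LENGTH:
        problems.append("too long")
    # Only control characters are refused; punctuation, spaces and
    # non-ASCII letters are all allowed.
    if any(unicodedata.category(ch) == "Cc" for ch in pw):
        problems.append("contains control characters")
    lowered = pw.casefold()
    # Strip trailing digits and symbols so 'Fluffy123!' is still caught.
    stem = re.sub(r"[\W\d_]+$", "", lowered)
    if lowered in COMMON_PASSWORDS or stem in COMMON_PASSWORDS:
        problems.append("commonly used or easily guessed")
    if username and len(username) >= 3 and username.casefold() in lowered:
        problems.append("contains the account name")
    return problems
```

Under the assumed restrictive rule a pet name such as `fluffy` passes while a long passphrase containing symbols is refused; `check_password` reverses both outcomes.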
* Image source: canonsnapper’s Flickr photostream (Creative Commons)