Do companies care about our online security?
I recently released my latest project.
It is a lightweight, free and easy-to-use web service that lets users know if a password is strong enough that hackers can’t guess it.
The plain password is never revealed because users don’t send it. They send just the hash of the password, which makes it next to impossible to determine what the real password is. Communication with the web service is secure: it goes over HTTPS all the way.
It is extremely fast (responses in a tenth of a second) and it has the potential to make sign-up code easier. This is because, instead of having to code complex and difficult password requirements, you can just call the service, and it returns whether that password is secure, as a yes or no (0 or 1).
You can reach it at https://passable.io
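How a hash-only check of this kind can work, as an added example that is not passable.io's code or API. The hash algorithm (SHA-256), the weak-word list, the variant rules, the function names and the meaning of 0 and 1 are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample of guessable base words (assumption, not the service's data).
WEAK_WORDS = ["password", "superman", "qwerty", "letmein", "dragon"]


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def variants(word: str):
    """Yield the predictable decorations people add to satisfy sign-up rules."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "12", "123", "!", "1!"):
            yield base + suffix


# Server side: only digests of weak candidates are kept, never plain text.
WEAK_HASHES = {sha256_hex(v) for w in WEAK_WORDS for v in variants(w)}


def meets_composition_rules(password: str) -> bool:
    """A typical sign-up rule: 8+ characters with upper case, lower case and a digit."""
    return (len(password) >= 8
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"\d", password) is not None)


def service_check(password_hash: str) -> int:
    """Server side: sees only the digest. 1 = acceptable, 0 = weak (assumed meaning)."""
    return 0 if password_hash.lower() in WEAK_HASHES else 1


def client_check(password: str) -> int:
    """Client side: hash locally so that only the digest leaves the machine."""
    return service_check(sha256_hex(password))


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Superman1", "vR7#kq2LmZx9pT"):
        print(pw, "rules ok:", meets_composition_rules(pw), "service:", client_check(pw))
```

The lookup works because an unsalted hash of a guessable password is itself guessable, so the digest hides strong passwords from the service but not weak ones.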
So, I decided to start promoting it. My plan included the following, in no particular order:
- Create comprehensive documentation on the website.
- Try to reach potential users (developers).
- Identify the most visited websites and check if they allow users to sign up with hackable passwords. Contact them to let them know if they do.
- Write articles to spread the word about the project.
So, to carry out the third point, I searched for Alexa (alexa.com) to get the 1000 most visited websites on the Internet.
Afterwards I selected the 200 most visited websites and, with those that allow sign-up, tried to create an account using a hackable and weak password that meets the usual password requirements (Superman1).
The results? Just a few companies (Google, Facebook or Microsoft, to name some of them) had mechanisms that don’t allow a user to sign up using a long and weak password.
So I contacted each of the companies that don’t check that users type a strong password, letting them know about that and about the possibility of using my free web service, and asking them to contact me if they needed more info.
So far, I have received no contact from any of those companies, and there was no traffic from them either. I doubt a single one of them has done anything to solve this.
This makes me wonder: do companies care about online security? Hacks like the Apple Cloud leak of celebrity photos could have been avoided had my web service been used or had any other security measure been taken by that company.