- Weak Password Rules Drive Dangerous Habits on Major Global Websites
- Critical industries still rely on outdated requirements when handling sensitive user data
- Automated attacks exploit insecure credentials faster than websites can adapt
Many users struggle to create strong passwords across multiple accounts because the broader digital ecosystem rarely pushes them toward secure choices, according to a new study.
A NordPass report examining the thousand most visited online websites in the world today reveals that most platforms still allow short, predictable passwords, creating conditions where weak habits become normal over time.
Poorly enforced rules on major websites shape user behavior long before attackers exploit those loopholes, and current standards don’t reflect modern security realities.
Low application in critical sectors
“The Internet teaches us how to connect and for decades it has been teaching us the wrong lessons. If a site accepts ‘password 123’, users learn that this is enough and that it is not,” says Karolis Arbačiauskas, product manager at NordPass.
The report reveals that there are major inconsistencies in the way websites approach password protection, with sectors dealing with sensitive information often performing the worst.
Government, healthcare, and food sites demonstrated some of the weakest policy requirements, even though these sectors handle high-risk data.
Unfortunately, these platforms sometimes focus on ease of integration, especially those promoting free website design or simplified setup templates.
NordPass reports that 58% of websites tested allow passwords without special characters, and 42% impose no minimum length, while 11% impose no restrictions.
Only 1% meet best practice expectations by requiring longer, more complex combinations that utilize character variety and case sensitivity.
This means that many platforms operate with outdated identification policies that fail to keep pace with evolving threats.
The analysis also notes that authentication technologies remain unevenly adopted across the web, creating new inconsistencies in user security.
While 39% of websites support single sign-on, only a very small number have implemented passwords, even though they are more resilient and user-friendly than traditional passwords.
“Security should be a partnership. Websites can shape safer habits by guiding users through better design, such as clear rules, visual indicators or even modern authentication like passwords,” continues Arbačiauskas.
NordPass identified only five websites that meet the strictest criteria set by recognized standards, demonstrating how secure design principles spread slowly, even among high-traffic platforms, and limited adoption of advanced methods contributes to a fragmented security landscape.
The report warns that weak enforcement leaves users more vulnerable at a time when automated attacks are faster and more accessible.
Inconsistent requirements create attack surfaces that AI tools can easily exploit.
Additionally, relying on simplified publishing systems, including those powered by an AI-based website builder, can weaken policy enforcement when security controls lose priority.
These weaknesses can also extend beyond individuals and impact businesses, industries and governments when poor passwords are reused across multiple systems.
Strengthening digital hygiene therefore requires more than user awareness. This requires structural changes from the platforms that set the rules.
To compensate for lax enforcement, users increasingly rely on tools like a password manager to generate secure credentials.
“Password neglect didn’t appear out of nowhere. When websites stop requiring strong credentials, users stop creating them. What we’re actually seeing is a cultural shift both among Internet users and Internet developers,” says Arbačiauskas.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
