When creating passwords for sites and apps, it’s important for us to look at what the site requires in terms of password strength. Which of the following shows that the site or app may not have strong enough rules for creating passwords?

A. The number of characters required is very low or there is no minimum defined at all.
B. Special characters are not allowed to be used in the password.
C. The company or organization sends your credentials (username and password) via email at any time, but especially on sign up.
D. The company or organization emails a new password.
E. The company or organization does not confirm your old password before allowing you to change it.

B and D

A, B and E

A and B

A, B, C, D and E

1 answer

The option that shows that the site or app may not have strong enough rules for creating passwords is:

A, B, C, D and E

All of these options indicate potential weaknesses in password policies and security practices:

  • A: A very low character requirement or no minimum defined at all weakens password strength.
  • B: Not allowing special characters limits password complexity, making it easier for attackers to guess.
  • C: Sending credentials via email can expose them to interception and isn't secure.
  • D: Emailing a new password can risk sending sensitive information over insecure channels.
  • E: Not confirming the old password when changing it could enable unauthorized changes to account settings.

Therefore, all of these factors indicate potentially weak password policies and security practices.