by jgrahamc 5112 days ago
We should start a new award for web sites with crap password security. Let's name it after Robert Morris (Senior) who essentially invented password hashing.

A Morris Award would be a bit like a Darwin Award for people who've failed to learn anything about password security and in doing so have been exposed.

Recent Morris Award winners: LinkedIn, last.fm, eHarmony, Tuts+, ...

4 comments

I have talked about & mentioned something similar before but bundling the whole thing into a browser extension.

Every site you hit gets checked against a local list that's periodically updated. It throws up an information bar with bad security practices associated with the site you are browsing, everything from mailing plaintext passwords to the idiotic things like above.

If it becomes trusted enough it might move some developers/organisations to actually take action, if not it will at least warn individuals of the obvious problems before they sign up and not afterwards like at the moment.

Edit: Last sentence didn't make sense.

Another criterion, perhaps...

My wife loves to use Big Oven to find recipe ideas. I thought I'd also start using it so we could share those ideas more easily. When they rejected my password for having "invalid special characters" however...

More potential "winners" are here http://plaintextoffenders.com/
I think for impact there should be one grand winner each year. Otherwise there will soon be too many to count I'm afraid.

Maybe also an award for most silly password policy?

I feel weekend project potential here!