A weak password policy increases the probability of an attacker having success using brute force and dictionary attacks against user accounts. An attacker who can determine user passwords can take over a user's account and potentially access sensitive data in the application.
There are two ways in which this can be checked
- Check if you can use Password same as that of Email Address
- Check if you can use Username same as that of Email Address
- Try above mentioned when Resetting Password , Creating Account , Changing Password from Account Settings
- Check if you can use Password some Weak Passwords such as 123456, 111111 , abcabc , qwerty123
- Try above mentioned when Resetting Password , Creating Account , Changing Password from Account Settings
- Applications usually have Restrictions on Password while Creating Account, Make sure you check for both the cases when Resetting Password