Are you sure the password you created for your gmail or Facebook account strong enough?
Well,
if you went by the green bar that indicated your password to be strong
enough, then it may not be as fool-proof as you thought, warns new
research slated to be published in the journal ACM Transactions on
Information and System Security.
The
new research from the Concordia University exposes the weakness of
password strength meters, and shows consumers should remain sceptical
when the bar turns green in order to create strong passwords.
“We
found the outcomes to be highly inconsistent. What was strong on one
site would be weak on another,” said lead researcher professor Mohammad
Mannan.
“These
weaknesses and inconsistencies may confuse users in choosing a stronger
password, and thus may weaken the purpose of these meters,” he added.
Researchers
sent millions of not-so-good passwords through meters used by several
high-traffic web service providers, including Google, Yahoo!, Dropbox,
Twitter and Skype.
They also tested some of the meters found in password managers, allegedly designed with the relevant expertise.
But
on the other hand, our findings may help design better meters, and
possibly make them an effective tool in the long run,” said
co-researcher Xavier de Carne de Carnavalet.
So
what can companies do? Start by emulating Dropbox, the researchers
recommend. The popular file-sharing site had the most robust password
strength meter, and the software is open-source.
“Dropbox’s rather simple checker is quite effective in analysing passwords, and is possibly a step towards the right direction.
“Any
word commonly found in the dictionary will be automatically be caught
by the Dropbox meter and highlighted as weak,” Mannan explained.
“That automatically prompts users to think beyond familiar phrases when creating passwords,” he said.
Posted by : Gizmeon
No comments:
Post a Comment