Study examines websites’ password practices
Plymouth University research shows online retailers and social networking sites could do more to campaign for better password practices.
If these companies and others were to include simple explanations about enhancing password security, and some better enforcement of good practice, the extent of our collective online security could be dramatically improved, Professor Steve Furnell, Head of Plymouth University’s School of Computing and Mathematics
Global IT giants including Amazon and LinkedIn could be doing far more to raise awareness of the need for better password practices among their users.
Analysis by Professor Steve Furnell, Director of the Centre for Security, Communications and Network Research at Plymouth University, looked into the password security controls in place among ten of the world’s most visited websites.
It revealed very few of them give detailed guidance about the importance of providing secure passwords, either when users were creating or updating accounts.
The majority also provided little or no information about the reasons why password protection is important, and while some did make suggestions about best practice, very few went on to enforce their own advice.
For the study, carried out in August and published in the latest edition of the Computer Fraud and Security journal, Professor Furnell focussed on ten websites featured in the top 30 places of the global Alexa rankings – Google, Facebook, Yahoo!, Wikipedia, Twitter, Amazon, Microsoft Live, LinkedIn, WordPress.com and Pinterest.
He then examined the advice offered to users when they were creating accounts and changing or resetting passwords, with particular focus on length, alphanumerical inclusion, prevention of guessable choices, and the presence of password strength meters.
It showed that across the ten sites, there were 30 opportunities to provide detailed guidance but only a third of them were taken, with just Google providing advice at each of the sign-up, password change and password reset stages.
This is the third time Professor Furnell has conducted a study of this kind, with previous analyses in 2007 and 2011. Further studies at Plymouth University have also shown users can be encouraged to choose stronger and less obvious passwords if appropriate guidance and support is provided. He added:
“In the seven years of conducting this study, there has not been the level of improvement one might have expected. If these companies and others were to include simple explanations about enhancing password security, and some better enforcement of good practice, the extent of our collective online security could be dramatically improved. In many cases, there is a fear about creating barriers which would stop people signing up to their service. But recent cybersecurity incidents have shown that securing passwords and providing informed guidance has never been more crucial.”By Mr Alan Williams,
Press and PR Officer
This news content was configured by WebWire editorial staff. Linking is permitted.
News Release Distribution and Press Release Distribution Services Provided by WebWire.