Nav: Home

Decade of research shows little improvement in websites' password guidance

July 17, 2018

Leading internet brands including Amazon and Wikipedia are failing to support users with advice on how to securely protect their data, a study shows.

More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice guidance on creating passwords that are less likely to be hacked.

Some still allow people to use the word 'password', while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.

Professor of Information Security Steve Furnell conducted the research, having carried out similar assessments in 2007, 2011 and 2014.

He said it was concerning that more than a decade after the issue was first highlighted companies were not doing more to aid consumers amid the increased threat of global cyber-attacks.

"We keep hearing that passwords are a thing of the past," said Professor Furnell, Director of the University's Centre for Security, Communications and Network Research (CSCAN). "But despite the prospect of new technologies coming into force, they are still the predominant protection people can use when setting up online accounts. With personal data now being guarded more closely than ever, providing clear and upfront guidance would seem a basic means through which to ensure users can be confident that the information they are providing is both safe and secure."

The study, published in Computer Fraud and Security, examined the password practices of Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live and Netflix.

It looked at whether users were provided with guidance when creating an account, changing their password or resetting a password, and how rigorously any guidelines were enforced.

The best provisions, taking into account permitted password length and other restrictions, were offered by Google, Microsoft Live and Yahoo were also the top three sites when the last assessment was carried out in 2014.

The three least favourable sets of results were from Amazon, Reddit and Wikipedia, with Amazon's password requirements remaining the most liberal, in line with the previous assessments.

In fact, the one area where there has been a notable improvement over the whole 11 years is the proportion of sites that prevent the word 'password' being used, but even now several still allow it.

The only other improvement has been in the number of sites offering some form of additional authentication (from three in 2011 to eight in 2018), but it is not something any of the websites assessed flag during the account sign-up process.

Professor Furnell added: "With over ten years between the studies, it is somewhat disappointing to find that the overall story in 2018 remains largely similar to that of 2007. In the intervening years, much has continued to be written about the failings of passwords and the ways in which we use them, but little is being done to encourage or oblige us to follow the right path.

"The increased availability of two-step verification and two-factor authentication options is positive. But users arguably require more encouragement or obligation to use them otherwise, like passwords themselves, they will offer the potential for protection while falling short of doing so in practice."
-end-


University of Plymouth

Related Wikipedia Articles:

Wikipedia articles on plane crashes show what we remember -- or forget
Disastrous current events trigger collective memory of certain past events, a new study of nearly 1,500 Wikipedia articles on airplane crashes and other incidents reports.
Research into why we remember some aviation disasters and forget others
Oxford University researchers have tracked how recent aircraft incidents or accidents trigger past events and how some are consistently more memorable than others.
Computer bots are more like humans than you might think, having fights lasting years
Bots appear to behave differently in culturally distinct online environments.
Wikipedia readers get shortchanged by copyrighted material
When Google Books digitized 40 years worth of copyrighted and out-of-copyright issues of Baseball Digest magazine, Wikipedia editors realized they had scored.
Technique shrinks data sets for easier analysis
At the Annual Conference on Neural Information Processing Systems, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and the University of Haifa in Israel presented a new coreset-generation technique that's tailored to a whole family of data analysis tools with applications in natural-language processing, computer vision, signal processing, recommendation systems, weather prediction, finance, and neuroscience, among many others.
EEG reveals information essential to users
In a study conducted by the Helsinki Institute for Information Technology (HIIT) and the Centre of Excellence in Computational Inference (COIN), laboratory test subjects read the introductions of Wikipedia articles of their own choice.
Big data shows people's collective behavior follows strong periodic patterns
New research has revealed that by using big data to analyse massive data sets of modern and historical news, social media and Wikipedia page views, periodic patterns in the collective behaviour of the population can be observed that could otherwise go unnoticed.
Just give me some privacy
Not everyone who strives to navigate the internet without being tracked is up to no good.
Public interest in plane crashes only predicted 'if death toll is 50 or higher'
Researchers analyzed Wikipedia articles about 1,500 plane crashes around the world to discover that a death toll of around 50 is the minimum threshold for predicting significant levels of public interest.
Researchers reveal top 10 most popular reptiles (they're also the scariest...)
Scientists from Oxford University and Tel Aviv University have ranked the world's most 'popular' reptiles, revealing the species that capture the public's imagination and providing valuable quantitative data towards the debate surrounding conservation priorities.

Related Wikipedia Reading:

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Bias And Perception
How does bias distort our thinking, our listening, our beliefs... and even our search results? How can we fight it? This hour, TED speakers explore ideas about the unconscious biases that shape us. Guests include writer and broadcaster Yassmin Abdel-Magied, climatologist J. Marshall Shepherd, journalist Andreas Ekström, and experimental psychologist Tony Salvador.
Now Playing: Science for the People

#514 Arctic Energy (Rebroadcast)
This week we're looking at how alternative energy works in the arctic. We speak to Louie Azzolini and Linda Todd from the Arctic Energy Alliance, a non-profit helping communities reduce their energy usage and transition to more affordable and sustainable forms of energy. And the lessons they're learning along the way can help those of us further south.