Decade of research shows little improvement in websites' password guidance

July 17, 2018

Leading internet brands including Amazon and Wikipedia are failing to support users with advice on how to securely protect their data, a study shows.

More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice or guidance on creating passwords that are less likely to be hacked.

Some still allow people to use the word 'password', while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.

Professor of Information Security Steve Furnell conducted the research, having carried out similar assessments in 2007, 2011 and 2014.

He said it was concerning that more than a decade after the issue was first highlighted companies were not doing more to aid consumers amid the increased threat of global cyber-attacks.

"We keep hearing that passwords are a thing of the past," said Professor Furnell, Director of the University's Centre for Security, Communications and Network Research (CSCAN). "But despite the prospect of new technologies coming into force, they are still the predominant protection people can use when setting up online accounts. With personal data now being guarded more closely than ever, providing clear and upfront guidance would seem a basic means through which to ensure users can be confident that the information they are providing is both safe and secure."

The study, published in Computer Fraud and Security, examined the password practices of Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live and Netflix.

It looked at whether users were provided with guidance when creating an account, changing their password or resetting a password, and how rigorously any guidelines were enforced.

The best provisions, taking into account permitted password length and other restrictions, were offered by Google, Microsoft Live and Yahoo, which were also the top three sites when the last assessment was carried out in 2014.

The three least favourable sets of results were from Amazon, Reddit and Wikipedia, with Amazon's password requirements remaining the most liberal, in line with the previous assessments.

In fact, the one area where there has been a notable improvement over the whole 11 years is the proportion of sites that prevent the word 'password' being used, but even now several still allow it.

The only other improvement has been in the number of sites offering some form of additional authentication (from three in 2011 to eight in 2018), but it is not something any of the websites assessed flag during the account sign-up process.

Professor Furnell added: "With over ten years between the studies, it is somewhat disappointing to find that the overall story in 2018 remains largely similar to that of 2007. In the intervening years, much has continued to be written about the failings of passwords and the ways in which we use them, but little is being done to encourage or oblige us to follow the right path.

"The increased availability of two-step verification and two-factor authentication options is positive. But users arguably require more encouragement or obligation to use them; otherwise, like passwords themselves, they will offer the potential for protection while falling short of doing so in practice."


University of Plymouth
