Password meters actually work
Posted on 15 May 2013.
Password strength meters work, but only when users are choosing or changing passwords for "important" accounts, a group of researchers has found. They also confirmed that users are no more likely to forget a "strong" password than a "weak" one.



Using two different types of meters and comparing the results against a control group that was shown no meter, they found that the type of meter does not matter, so long as one is used: whether it relies on peer pressure or on the user's existing motivation to select a password that would be considered "strong", whether it is vertical or horizontal, and whether it uses words, graphics or both.

The testing was performed both in a laboratory and in the field, and the participants were unaware that passwords were the subject of the experiment, so that their actions would not be influenced: the researchers simply added an account creation page to a website being used for another, unrelated study.

"One of our findings is that password meters do not yield much improvement in helping users choose passwords for unimportant accounts, yet they are very commonly deployed in such contexts. Equally, where meters make a difference—password changes for important accounts—they are less often seen. Thus, practice at real sites appears to be very far from what our results dictate. This indicates a real opportunity for improvement," the researchers pointed out.

The report includes more details about the researchers' approach and tentative conclusions about password reuse and other things. It is a really good read that also touches on a tendency that is (in my opinion) not well enough known: people's tendency to heed subtle encouragements or nudges, which should definitely be taken into consideration when creating more secure and user-friendly systems.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.