Study finds little improvement in basic password guidance

The study shows most of the world's top ten English-speaking websites offer little or no advice or guidance on creating passwords that are less likely to be hacked.


A study by the University of Plymouth suggests that most leading brands on the internet, including Amazon and Wikipedia, are failing to support users with advice on how to securely protect their data.

More than 10 years after first examining the issue, the study indicated that most of the top ten English-speaking websites offer little or no advice or guidance on creating passwords that are less likely to be hacked.

Some still allow people to use the word ‘password’, while others permit single-character passwords and basic words, including a person’s surname or a repeat of their user identity.

Professor of Information Security Steve Furnell said, “It was concerning that more than a decade after the issue was first highlighted, companies were not doing more to aid consumers amid the increased threat of global cyber-attacks.”

“We keep hearing that passwords are a thing of the past. But despite the prospect of new technologies coming into force, they are still the predominant protection people can use when setting up online accounts. With personal data now being guarded more closely than ever, providing clear and upfront guidance would seem a basic means through which to ensure users can be confident that the information they are providing is both safe and secure.”

The study specifically examined the password practices of Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live, and Netflix.

It looked at whether users were given guidance when creating an account, changing their password or resetting a password, and how rigorously any rules were enforced.

The best provisions, taking into account the permitted password length and other restrictions, were offered by Google, Microsoft Live, and Yahoo, which were also the top three sites when the last assessment was done in 2014.

The three least favourable sets of results were from Amazon, Reddit, and Wikipedia, with Amazon’s password requirements remaining the most liberal, in line with the previous assessments.

In fact, the one area where there has been a notable change over the entire 11 years is the proportion of sites that prevent the word ‘password’ being used; however, even now, a few still permit it.

The only other change has been in the number of sites offering some form of additional authentication (from three in 2011 to eight in 2018); however, it is not something any of the sites assessed flag during the account sign-up process.

Professor Furnell added: “With over ten years between the studies, it is somewhat disappointing to find that the overall story in 2018 remains largely similar to that of 2007. In the intervening years, much has continued to be written about the failings of passwords and the ways in which we use them, but little is being done to encourage or oblige us to follow the right path.”

“The increased availability of two-step verification and two-factor authentication options is positive. But users arguably require more encouragement or obligation to use them; otherwise, like passwords themselves, they will offer the potential for protection while falling short of doing so in practice.”
