Skip to content
Kashif Ali

It’s official: Password strength meters aren’t security theater

May 13, 2013 arstechnica.com

If you've ever been nagged about the weakness of your password while changing account credentials on Google, Facebook, or any number of other sites, you may have wondered: do these things actually make people choose stronger passcodes? A team of scientists has concluded that the meters do work—or at least they have the potential to do so, assuming they're set up correctly.

The researchers—from the University of California at Berkeley, the University of British Columbia in Vancouver, and Microsoft—are among the first to test the effect that the ubiquitous password meters have on real users choosing passwords. They found that meters grading the strength of passwords had a measurable impact in helping users pick stronger passcodes that weren't used on other accounts. But the group also discovered these new, stronger passwords weren't any harder for users to remember than weaker ones.

The scientists were quick to point out caveats to their findings. For one, the meters provided little benefit when users were choosing passwords while setting up a new account, as opposed to changing passwords for an already established account. And the meters provided no improvement for accounts people considered unimportant.

Read 13 remaining paragraphs | Comments

  • passwords

Post navigation

Previous: PentesterLab.com – Excercises To Learn Penetration Testing
Next: Travnet Botnet Controls Victims With Remote Admin Tool

Archives

Tags

Adobe Android anonymous Apple Biz & IT censorship Crime Cybercrime Cybersecurity Data loss data protection DDoS Exploit Facebook FBI Featured hack hacking Hacks and Cracks https intellectual property iphone Law & order Malware Mobile NEWS & INDUSTRY OS X passwords phishing politics privacy Scam Social networks Spam SSL Stuxnet Surveillance Tech The Courts The Ridiculous Twitter Uncategorized Vulnerability Windows Zero Day
Powered by WordPress | Theme: Design by obaydulla