Fri. Apr 19th, 2024

Many popular internet sites including the likes of Amazon and Wikipedia have not succeeded in providing their users with the appropriate advice on how they can securely protect their data, claims a study done by the University of Plymouth.

The first study to analyze this issue was done more than 10 years ago, and the findings still indicate that the majority of the top 10 English-speaking websites do not provide any advice on how users can create passwords that are at a lower risk of being hacked.

A lot of these websites still let their users set their password to ‘password’, and others accept single-character passwords and common entries such as the user’s surname or their username.

According to Steve Furnell, Professor of Information Security, who conducted routine studies on the same issue in 2007, 2011 and 2014, it raises a lot of red flags that these companies are not providing better assistance to help customers in this atmosphere of global cyber-attacks and privacy breaches.

“We keep hearing that passwords are a thing of the past,” said Furnell, who is also the Director of the University’s Centre for Security, Communications and Network Research (CSCAN). “But despite the prospect of new technologies coming into force, they are still the predominant protection people can use when setting up online accounts.”

“With personal data now being guarded more closely than ever, providing clear and upfront guidance would seem a basic means through which to ensure users can be confident that the information they are providing is both safe and secure”, he added.

The study, published recently in the journal Computer Fraud and Security, analyzed the password protection practices of companies like Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live and Netflix.

For the study, researchers looked at whether or not users were given some sort of guidance when they created passwords for their accounts, changed their passwords or reset them. The research team also looked at how rigorous the companies were with their guidelines.

After the last assessment in 2014, researchers saw that Google, Microsoft Live and Yahoo provided the best assistance to their users for setting a strong password whereas Amazon, Reddit and Wikipedia did not do a lot to guide their users to protect their information by means of a strong password.

Two things changed for the better: there was a growth in the number of sites that don’t allow ‘password’ to be used as the password, and users are asked for additional authentication. However, a lot of sites still allow ‘password’ as a password and do not stop the user from creating an account if additional authentication is not completed.

“With over ten years between the studies, it is somewhat disappointing to find that the overall story in 2018 remains largely similar to that of 2007. In the intervening years, much has continued to be written about the failings of passwords and the ways in which we use them, but little is being done to encourage or oblige us to follow the right path”, said Furnell.

“The increased availability of two-step verification and two-factor authentication options is positive. But users arguably require more encouragement or obligation to use them, otherwise, like passwords themselves, they will offer the potential for protection while falling short of doing so in practice.”

By Purnima
