Stories
Slash Boxes
Comments

SoylentNews is people

Decade of Research Shows Little Improvement in Websites' Password Guidance

posted by Fnord666 on Tuesday July 17 2018, @06:24PM   Printer-friendly
from the correct-horse-battery-staple dept.

Phoenix666 writes:

More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice guidance on creating passwords that are less likely to be hacked.

Some still allow people to use the word 'password', while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.

Professor of Information Security Steve Furnell conducted the research, having carried out similar assessments in 2007, 2011 and 2014.

Have password restrictions ever helped?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Decade of Research Shows Little Improvement in Websites' Password Guidance | Log In/Create an Account | Top | 32 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Funny) by NewNic on Tuesday July 17 2018, @08:19PM (3 children)

    by NewNic (6420) on Tuesday July 17 2018, @08:19PM (#708499) Journal

    Banks!

    My bank actually sent me an email that was indistinguishable from a phishing email. The email included an obscured link (a URL shortener). It did not come directly from the bank (it came from an outsourced email service). It didn't have my real name in the "To:" field. There was no way to tell by looking at the email (including the headers) if it was legitimate.

    They did not respond when I forwarded it to the email address they set up to report phishing: perhaps because I told them that they were stupid to send out an email that looked just like a phishing attempt.

    --
    lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
    Starting Score:    1  point
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by NewNic on Tuesday July 17 2018, @08:22PM

    by NewNic (6420) on Tuesday July 17 2018, @08:22PM (#708501) Journal

    I should add that this bank also uses certain characters of the password (eg. 1st, 3rd, 6th) to log on. This means that they have stored my password in a fashion that allows for recovery of the full text.

    On the other hand, they use 2FA for any money transfers. They provide a card reader, which can read chip-enabled cards.

    --
    lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory

  • (Score: 2) by FatPhil on Wednesday July 18 2018, @08:10AM (1 child)

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Wednesday July 18 2018, @08:10AM (#708705) Homepage
    That depth of utter stupidity has to be Barclays.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves

    • (Score: 2) by NewNic on Wednesday July 18 2018, @07:49PM

      by NewNic (6420) on Wednesday July 18 2018, @07:49PM (#708965) Journal

      Right country. Wrong bank. NatWest.

      --
      lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory