
Communications of the ACM

ACM TechNews

Does Your Password Pass Muster?


[Image: MSN's password strength meter, which shows only three states. Credit: MSN]

New research from Concordia University raises concerns about the effectiveness of password strength meters, the bars that turn red, yellow, or green to rate the strength of new passwords.

Professor Mohammad Mannan and Ph.D. student Xavier de Carne de Carnavalet have tested the meters of high-traffic sites such as Google, Yahoo!, Dropbox, and Twitter, as well as some found in password managers. The researchers say the meters can confuse people because what is considered a strong password on one site might be rated weak on another.

For example, some meters are very strict, assigning scores only to passwords that contain at least three character sets, while others are fine with the selection of letter-only passphrases.

"Dropbox's rather simple checker is quite effective in analyzing passwords and is possibly a step towards the right direction," Mannan says. "Any word commonly found in the dictionary will automatically be caught by the Dropbox meter and highlighted as weak. That automatically prompts users to think beyond familiar phrases when creating passwords."

Companies can follow Dropbox's lead, but people also can select full-character-set random passwords.
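The inconsistency described above, between strict character-set meters, meters that accept letter-only passphrases, and dictionary-aware meters, can be reproduced with three simplified policies. This is an added example, not code from the researchers or from any of the sites named; the thresholds, the tiny word list and the substitution table are constructed assumptions.

```python
import string

# Constructed stand-in for a real word list (assumption; real meters use far larger ones).
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "letmein"}
# Undo common character substitutions before the dictionary lookup (assumed mapping).
LEET = str.maketrans("@4031$5!7", "aaoeissit")

def charset_count(pw):
    """Number of character classes (lower, upper, digit, symbol) present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(c in cls for c in pw) for cls in classes)

def strict_meter(pw):
    """Hypothetical strict policy: nothing scores below three character sets."""
    if charset_count(pw) < 3 or len(pw) < 8:
        return "weak"
    return "strong" if len(pw) >= 12 else "medium"

def length_meter(pw):
    """Hypothetical lenient policy: length only, so letter-only passphrases pass."""
    if len(pw) >= 16:
        return "strong"
    return "medium" if len(pw) >= 10 else "weak"

def dictionary_meter(pw):
    """Hypothetical dictionary-aware policy: a common word earns no credit,
    even when disguised, so only the characters left over are scored."""
    normalized = pw.lower().translate(LEET)
    longest = max((len(w) for w in COMMON_WORDS if w in normalized), default=0)
    residual = len(pw) - longest
    if residual < 6:
        return "weak"
    return "strong" if residual >= 12 else "medium"

def rate_all(pw):
    """Rate one password under all three policies."""
    return {"strict": strict_meter(pw),
            "length": length_meter(pw),
            "dictionary": dictionary_meter(pw)}

if __name__ == "__main__":
    # Constructed samples: disguised dictionary word, letter-only passphrase,
    # and a random password drawn from the full character set.
    for sample in ("P@ssw0rd1!", "correct horse battery staple", "xK9#mQ2$vL7!pR4&"):
        print(f"{sample!r:34} {rate_all(sample)}")
```

Only the full-character-set random password is rated strong by all three policies; the other two samples get conflicting ratings depending on which meter the site happens to use.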

From Concordia University

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 
