Communications of the ACM

ACM TechNews

Does Your Password Pass Muster?


MSN's password strength meter, which shows only three states.

Credit: MSN

New research from Concordia University raises concerns about the effectiveness of password strength meters, or the bars that turn red, yellow, or green to rate the strength of new passwords.

Professor Mohammad Mannan and Ph.D. student Xavier de Carne de Carnavalet have tested the meters of high-traffic sites such as Google, Yahoo!, Dropbox, and Twitter, as well as some found in password managers. The researchers say the meters can confuse people because what is considered a strong password on one site might be rated weak on another.

For example, some meters are very strict, assigning scores only to passwords that contain at least three character sets, while others are fine with the selection of letter-only passphrases.

"Dropbox's rather simple checker is quite effective in analyzing passwords and is possibly a step towards the right direction," Mannan says. "Any word commonly found in the dictionary will automatically be caught by the Dropbox meter and highlighted as weak. That automatically prompts users to think beyond familiar phrases when creating passwords."

Companies can follow Dropbox's lead, but people also can select full-character-set random passwords.
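
The inconsistency described above can be reproduced with two toy meters. This is an added illustration, not code from the article, the researchers, or any site named: one hypothetical meter counts character classes, the other discounts dictionary words. The word list, the 10-bit cost per word, and the thresholds are assumptions, and neither function reproduces Dropbox's actual checker.

```python
import math
import string

# Constructed stand-in for a real common-word list (assumption), longest first.
COMMON_WORDS = sorted({"password", "sunshine", "dragon", "monkey", "correct",
                       "horse", "battery", "staple"}, key=len, reverse=True)
WORD_BITS = 10  # assumed cost of guessing one common word (~1,000-word list)
LEET = str.maketrans("0134@$", "oleaas")  # undo common substitutions before lookup
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def charset_meter(pw):
    """Hypothetical strict meter: scores only length and character-class count."""
    classes = sum(any(c in cls for c in pw) for cls in CLASSES)
    if len(pw) < 8 or classes < 3:
        return "weak"
    return "strong" if classes == 4 or len(pw) >= 12 else "medium"


def dictionary_bits(pw):
    """Estimate guessing cost: flat cost per dictionary word, brute force for the rest."""
    norm = pw.lower().translate(LEET)
    bits, leftover, i = 0.0, [], 0
    while i < len(pw):
        word = next((w for w in COMMON_WORDS if norm.startswith(w, i)), None)
        if word:
            bits += WORD_BITS
            i += len(word)
        else:
            leftover.append(pw[i])
            i += 1
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in leftover))
    return bits + len(leftover) * math.log2(max(pool, 1))


def dictionary_meter(pw):
    """Hypothetical dictionary-aware meter built on dictionary_bits()."""
    bits = dictionary_bits(pw)
    return "weak" if bits < 30 else "medium" if bits < 50 else "strong"


def compare(pw):
    """Return (charset rating, dictionary rating) for one password."""
    return charset_meter(pw), dictionary_meter(pw)


if __name__ == "__main__":
    for sample in ("P@ssw0rd1!", "correcthorsebatterystaple", "qvzmtrhwkpxl"):  # constructed
        print(f"{sample!r:30} charset/dictionary = {compare(sample)}")
```

The class-counting meter rates the substituted dictionary word as strong and both letter-only strings as weak, while the dictionary-aware meter reverses those verdicts.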

From Concordia University
 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 
