
Communications of the ACM

ACM TechNews

Does Your Password Pass Muster?


MSN's password strength meter, which shows only three states.


Credit: MSN

New research from Concordia University raises concerns about the effectiveness of password strength meters, or the bars that turn red, yellow, or green to rate the strength of new passwords.

Professor Mohammad Mannan and Ph.D. student Xavier de Carne de Carnavalet have tested the meters of high-traffic sites such as Google, Yahoo!, Dropbox, and Twitter, as well as some found in password managers. The researchers say the meters can confuse people because what is considered a strong password on one site might be rated weak on another.

For example, some meters are very strict, assigning scores only to passwords that contain at least three character sets, while others are fine with the selection of letter-only passphrases.

"Dropbox's rather simple checker is quite effective in analyzing passwords and is possibly a step towards the right direction," Mannan says. "Any word commonly found in the dictionary will automatically be caught by the Dropbox meter and highlighted as weak. That automatically prompts users to think beyond familiar phrases when creating passwords."

Companies can follow Dropbox's lead, but people also can select full-character-set random passwords.
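The inconsistency the researchers describe can be reproduced with three simplified meters. This is an added example, not code from the article, the study, or any of the sites named; the three policies, their thresholds, the word list and the sample passwords are assumptions constructed for illustration.

```javascript
// Three hypothetical meters (illustrative policies, not any site's real code).
// Constructed sample word list; a real checker would use a large dictionary.
const COMMON_WORDS = new Set(["password", "dragon", "monkey", "sunshine", "welcome"]);

// Count how many of the four character sets appear: lower, upper, digit, symbol.
function characterSets(pw) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].filter((re) => re.test(pw)).length;
}

// Strict meter: anything with fewer than three character sets is rated weak.
function strictMeter(pw) {
  if (characterSets(pw) < 3) return "weak";
  return pw.length >= 12 ? "strong" : "medium";
}

// Length meter: only length matters, so letter-only passphrases are accepted.
function lengthMeter(pw) {
  if (pw.length >= 16) return "strong";
  return pw.length >= 10 ? "medium" : "weak";
}

// Dictionary meter: a common word stays weak even when decorated with
// capitals, digits or symbols; everything else falls back to length.
function dictionaryMeter(pw) {
  const letters = pw.toLowerCase().replace(/[^a-z]/g, "");
  if (COMMON_WORDS.has(letters)) return "weak";
  return lengthMeter(pw);
}

// Rate one password with all three meters.
function rate(pw) {
  return { strict: strictMeter(pw), length: lengthMeter(pw), dictionary: dictionaryMeter(pw) };
}

// True when the meters give the user conflicting feedback.
function metersDisagree(pw) {
  return new Set(Object.values(rate(pw))).size > 1;
}

// Constructed sample passwords.
for (const pw of ["Sunshine2015!", "correct horse battery staple", "q7#Lm2$vX9@pR4&z"]) {
  console.log(JSON.stringify(pw), rate(pw), metersDisagree(pw) ? "meters disagree" : "meters agree");
}
```

The decorated dictionary word is rated strong by the character-set rule and weak by the dictionary rule, while the passphrase gets the opposite treatment; only the full-character-set random string is rated the same by all three.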

From Concordia University

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 
