Communications of the ACM

ACM TechNews

Study Shows Programmers Will Take the Easy Way Out and Not Implement Proper Password Security


Researchers at the University of Bonn in Germany have found that developers tend to write code that stores user passwords in an unsafe manner, because that is easier than creating a more secure product.

The researchers conducted an experiment involving 43 programmers hired via the Freelancer.com platform, and found that developers need to be explicitly told to write code that stores passwords in a safe, secure manner.

The researchers asked the participants to use technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component of a website.

Only 15 of the 43 developers chose to implement salting, a process through which the encrypted password stored inside an application's database is made harder to crack with the addition of a random data factor.

In addition, 17 of the 43 developers copied their code from Internet sites, suggesting freelancers did not have the necessary skills to develop a secure system from scratch.

From ZDNet
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA