https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32127#M2173 <P>Hi <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a> No, in answer to your question.&nbsp;&nbsp; I did notice the latest Firefox has a password sync capability for convenience and some password managers also have the same capability to link between sites.&nbsp;&nbsp; Great convenience for the public, and the speed of reaction we all want in terms of interaction.&nbsp;&nbsp;</P><P>&nbsp;</P><P>But this sacrifices both privacy and security for the sake of convenience.&nbsp; However, these features are the very things that every user wants.&nbsp;&nbsp; And are probably very willing to sacrifice with exceptions in the case of Firefox and a Master password.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Wed, 29 Jan 2020 18:10:19 GMT Caute_cautim 2020-01-29T18:10:19Z https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32080#M2164 <P><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="A December 2019 study by University of Plymouth Professor Steve Furnell assessed the effectiveness of 16 password meters that people are likely to encounter online. While most meters effectively steer users towards more secure passwords, some will over-rate even the most commonly used ones that are found on top 10 &quot;worst-passwords&quot; lists. One positive finding was that a browser-generated password was consistently rated strong. There was no mention of password managers and the strength of the passwords they generate. The paper is behind a pay-wall. An overview is given here: https://www.sciencedaily.com/releases/2019/12/191219090745.htm" style="width: 400px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/3779i6B0D77680179AAF1/image-size/medium?v=v2&amp;px=400" role="button" title="password_meter.jpg" alt="A December 2019 study by University of Plymouth Professor Steve Furnell assessed the effectiveness of 16 password meters that people are likely to encounter online. While most meters effectively steer users towards more secure passwords, some will over-rate even the most commonly used ones that are found on top 10 &quot;worst-passwords&quot; lists. One positive finding was that a browser-generated password was consistently rated strong. There was no mention of password managers and the strength of the passwords they generate. The paper is behind a pay-wall. An overview is given here: https://www.sciencedaily.com/releases/2019/12/191219090745.htm" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">A December 2019 study by University of Plymouth Professor Steve Furnell assessed the effectiveness of 16 password meters that people are likely to encounter online. While most meters effectively steer users towards more secure passwords, some will over-rate even the most commonly used ones that are found on top 10 "worst-passwords" lists. One positive finding was that a browser-generated password was consistently rated strong. There was no mention of password managers and the strength of the passwords they generate. The paper is behind a pay-wall. An overview is given here: https://www.sciencedaily.com/releases/2019/12/191219090745.htm</span></span></P> Mon, 09 Oct 2023 09:25:07 GMT https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32080#M2164 AppDefects 2023-10-09T09:25:07Z https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32097#M2170 <P>Hi <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a> Another set of reasons for eliminating passwords and going FIDO instead.&nbsp; Given that the shift to SD-WANs and Zero Trust Security is absolutely riddled with digital certificates.&nbsp;&nbsp;&nbsp; Perhaps greater security awareness on the use of passwords, holding them in browsers is required throughout the whole of 2020?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Tue, 28 Jan 2020 18:43:25 GMT https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32097#M2170 Caute_cautim 2020-01-28T18:43:25Z https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32116#M2172 <P>Is that a recommendation for browsers to retain / keep passwords?&nbsp; I've always been skeptical of that.</P> Wed, 29 Jan 2020 14:30:38 GMT https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32116#M2172 ericgeater 2020-01-29T14:30:38Z https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32127#M2173 <P>Hi <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a> No, in answer to your question.&nbsp;&nbsp; I did notice the latest Firefox has a password sync capability for convenience and some password managers also have the same capability to link between sites.&nbsp;&nbsp; Great convenience for the public, and the speed of reaction we all want in terms of interaction.&nbsp;&nbsp;</P><P>&nbsp;</P><P>But this sacrifices both privacy and security for the sake of convenience.&nbsp; However, these features are the very things that every user wants.&nbsp;&nbsp; And are probably very willing to sacrifice with exceptions in the case of Firefox and a Master password.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Wed, 29 Jan 2020 18:10:19 GMT https://community.isc2.org/t5/Tech-Talk/Password-Meters-Inconsistent-amp-Misleading/m-p/32127#M2173 Caute_cautim 2020-01-29T18:10:19Z