AppDefects
Community Champion

Password Meters Inconsistent & Misleading!


A December 2019 study by University of Plymouth Professor Steve Furnell assessed the effectiveness of 16 password meters that people are likely to encounter online. While most meters effectively steer users towards more secure passwords, some will over-rate even the most commonly used ones that are found on top 10 "worst-passwords" lists. One positive finding was that a browser-generated password was consistently rated strong. There was no mention of password managers and the strength of the passwords they generate. The paper is behind a pay-wall. An overview is given here: https://www.sciencedaily.com/releases/2019/12/191219090745.htm

3 Replies
Caute_cautim
Community Champion

Hi @AppDefects Another set of reasons for eliminating passwords and going FIDO instead. Given that the shift to SD-WANs and Zero Trust Security is absolutely riddled with digital certificates. Perhaps greater security awareness on the use of passwords, holding them in browsers is required throughout the whole of 2020?

Regards

Caute_cautim

ericgeater
Community Champion

Is that a recommendation for browsers to retain / keep passwords? I've always been skeptical of that.

--
"A claim is as good as its veracity."
Caute_cautim
Community Champion

Hi @ericgeater No, in answer to your question. I did notice the latest Firefox has a password sync capability for convenience and some password managers also have the same capability to link between sites. Great convenience for the public, and the speed of reaction we all want in terms of interaction.

But this sacrifices both privacy and security for the sake of convenience. However, these features are the very things that every user wants. And are probably very willing to sacrifice with exceptions in the case of Firefox and a Master password.

Regards

Caute_cautim