Study examines websites' password practices

December 22, 2014 by Alan Williams, University of Plymouth

Global IT giants including Amazon and LinkedIn could be doing far more to raise awareness of the need for better password practices among their users.

Analysis by Professor Steve Furnell, Director of the Centre for Security, Communications and Network Research at Plymouth University, looked into the password security controls in place among ten of the world's most visited websites.

It revealed that very few of them give detailed guidance about the importance of providing secure passwords, either when users are creating accounts or when they are updating them.

The majority also provided little or no information about the reasons why password protection is important, and while some did make suggestions about best practice, very few went on to enforce their own advice.

Professor Furnell, the Head of Plymouth's School of Computing and Mathematics, said:

"Many people have numerous password-protected accounts, which collectively end up holding a wealth of sensitive data. For their most crucial accounts, such as online banking, they will often be required to use stronger authentication methods but in other cases, when they have multiple accounts, they often use similar passwords leaving them more vulnerable to potential hackers. This is in large part because related guidance is not being communicated to them on websites but, and perhaps even more crucially, people are not being told the reasons why they need to be secure and why passwords ought to meet certain criteria."

For the study, carried out in August and published in the latest edition of the Computer Fraud and Security journal, Professor Furnell focussed on ten websites featured in the top 30 places of the global Alexa rankings – Google, Facebook, Yahoo!, Wikipedia, Twitter, Amazon, Microsoft Live, LinkedIn, and Pinterest.

He then examined the advice offered to users when they were creating accounts and changing or resetting passwords, with particular focus on length, alphanumerical inclusion, prevention of guessable choices, and the presence of password strength meters.

The analysis showed that across the ten sites there were 30 opportunities to provide detailed guidance, but only a third of them were taken, with just Google providing advice at each of the sign-up, password change and password reset stages.

This is the third time Professor Furnell has conducted a study of this kind, with previous analyses in 2007 and 2011. Further studies at Plymouth University have also shown that users can be encouraged to choose stronger and less obvious passwords if appropriate guidance and support are provided. He added:

"In the seven years of conducting this study, there has not been the level of improvement one might have expected. If these companies and others were to include simple explanations about enhancing security, and some better enforcement of good practice, the extent of our collective online security could be dramatically improved. In many cases, there is a fear about creating barriers which would stop people signing up to their service. But recent cybersecurity incidents have shown that securing passwords and providing informed guidance has never been more crucial."
