Many password strength meters are downright WEAK, say researchers

Website password strength meters, like a spouse asked to assess your haircut or outfit, often tell you only what you want to hear.

That’s the finding from researchers at Concordia University in Montreal, who examined the usefulness of those pesky and ubiquitous red-yellow-green password strength testers on websites run by big names such as Google, Yahoo, Twitter and Microsoft/Skype. The researchers used algorithms to sent millions of “not-so-good” passwords through these meters, as well as through the meters of password management services such as LastPass and 1Password, and were largely underwhelmed by the results.

“We found the outcomes to be highly inconsistent. What was strong on one site would be weak on another,” says Mohammad Mannan, an assistant professor with Concordia’s Institute for Information Systems Engineering, in a statement. He collaborated on the study with Ph.D student Xavier de Carné de Carnavalet.

Read the Full Article: Source – Computer World

source not found

Related Article

Leave a Reply