(Press-News.org) This news release is available in French.
Montreal, March 25, 2015 -- "Create a password" is a prompt familiar to anyone who's tried to buy a book from Amazon or register for a Google account. Equally familiar is that red / yellow / green bar that rates the new password's strength. But when those meters give the go-ahead to passwords like Password1+, their effectiveness is called into question.
New research from Concordia University exposes the weakness of password strength meters, and shows consumers should remain sceptical when the bar turns green in order to create strong passwords.
For the study, forthcoming in the journal ACM Transactions on Information and System Security, researchers Mohammad Mannan and Xavier de Carné de Carnavalet sent millions of not-so-good passwords through meters used by several high-traffic web service providers including Google, Yahoo!, Dropbox, Twitter and Skype. They also tested some of the meters found in password managers, allegedly designed with the relevant expertise.
"We found the outcomes to be highly inconsistent. What was strong on one site would be weak on another," says Mannan, who is a professor with Concordia's Institute for Information Systems Engineering.
"These weaknesses and inconsistencies may confuse users in choosing a stronger password, and thus may weaken the purpose of these meters. But on the other hand, our findings may help design better meters, and possibly make them an effective tool in the long run," adds PhD student de Carnavalet.
So what can companies do? Start by emulating Dropbox, the researchers recommend. The popular file-sharing site had the most robust password strength meter -- and the software is open-source.
"Dropbox's rather simple checker is quite effective in analyzing passwords, and is possibly a step towards the right direction. Any word commonly found in the dictionary will be automatically be caught by the Dropbox meter and highlighted as weak," explains Mannan. "That automatically prompts users to think beyond familiar phrases when creating passwords."
"Some checkers are very strict, and assign scores only when a given password contains at least three character sets -- that is, a letter, a number and a symbol; other checkers are ok with the use of letter-only passphrases. Such a discrepancy is not explained to the user and is hardly justifiable," says de Carnavalet.
"We've contacted most of the companies we examined in our study but so far our results are falling on deaf ears," Mannan says. One company dropped their meter while another one fixed a simple bug. No other changes were observed even after a year.
For now, it's up to individuals to ensure their passwords are strong by using full characters set random passwords. Of course, remembering those passwords is easier said than done.
As an alternative, Mannan suggests another tool for creating web passwords from private images (SelfiePass/ObPwd for Android and for Firefox). But using such tools may not solve the password problem for all use cases, he warns.
INFORMATION:
Partners in research: This study was supported in part by an NSERC Discovery Grant and FRQNT Programme établissement de nouveaux chercheurs.
Related links:
Faculty of Engineering and Computer Science http://www.concordia.ca/encs.html
Concordia Institute of Information Systems Engineering http://www.concordia.ca/encs/info-systems-eng.html
Mohammad Mannan http://users.encs.concordia.ca/~mmannan/
NSERC http://www.nserc-crsng.gc.ca/index_eng.asp
FQRNT http://www.frqnt.gouv.qc.ca/en/
ACM Transactions on Information and System Security http://tissec.acm.org/
Media contact:
Cléa Desjardins
Senior advisor, media relations
University Communications Services
Concordia University
Phone: 514-848-2424, ext. 5068
Email: clea.desjardins@concordia.ca
Web: http://www.concordia.ca/now/media-relations
Twitter: @CleaDesjardins
From AGU's blogs: Q&A with journalist-turned-geologist Rex Buchanan
After decades as a science reporter, interim director of the Kansas Geological Survey (KGS) Rex Buchanan now finds himself at the epicenter of a media frenzy. Read parts one and two of a three-part series featuring an interview between Buchanan and University of California, Santa Cruz, science journalism student, Kerry Klein, in The Plainspoken Scientist.
From Eos.org: Changing of the Guard: Satellite Will Warn Earth of Solar Storms
This summer, Earth gets a new guardian--the Deep Space Climate ...
ATLANTA--Medication used to treat patients with type II diabetes activates sensors on brain cells that increase hunger, causing people taking this drug to gain more body fat, according to researchers at Georgia State University, Oregon Health and Science University, Georgia Regents University and Charlie Norwood Veterans Administration Medical Center.
The study, published on March 18 in The Journal of Neuroscience, describes a new way to affect hunger in the brain and helps to explain why people taking a class of drugs for type II diabetes gain more body fat.
Type II ...
Researchers at the University of California, San Diego School of Medicine have discovered a control switch for the unfolded protein response (UPR), a cellular stress relief mechanism drawing major scientific interest because of its role in cancer, diabetes, inflammatory disorders and several neural degenerative disorders, including Alzheimer's disease, Parkinson's disease, and amyotrophic lateral sclerosis (ALS), otherwise known as Lou Gehrig's disease.
The normal function of the UPR pathway is to protect cells from stress but it can also trigger their death if the ...
An international team of researchers led by the University of Oklahoma has discovered a strong association between the lifestyles of indigenous communities and their gut microbial ecologies (gut microbiome), a study that may have implications for the health of all people.
Under the direction of Cecil Lewis, co-director of the Laboratories of Molecular Anthropology and Microbiome Research in the OU College of Arts and Sciences, the team presents an in-depth analysis of the gut microbiome of the Matses, an Amazonian hunter-gatherer community, which is compared with that ...
Results from the first phase 1 trial of an Ebola vaccine based on the current (2014) strain of the virus are today published in The Lancet. Until now, all tested Ebola virus vaccines have been based on the virus strain from the Zaire outbreak in 1976. The results suggest that the new vaccine is safe, and provokes an immune response in recipients, although further long-term testing will be needed to establish whether it can protect against the Ebola virus.
A team of researchers, led by Professor Fengcai Zhu, from the Jiangsu provincial center for disease prevention and ...
People who have suffered serious head injuries show changes in brain structure resembling those seen in older people, according to a new study.
Researchers at Imperial College London analysed brain scans from over 1,500 healthy people to develop a computer program that could predict a person's age from their brain scan. Then they used the program to estimate the "brain age" of 113 more healthy people and 99 patients who had suffered traumatic brain injuries.
The brain injury patients were estimated to be around five years older on average than their real age.
Head ...
Boston, Mass. - March 25, 2015 - Nonprofit Global Oncology, Inc. (GO) today announced the launch of the Global Cancer Project Map, a first-of-its-kind online resource and virtual information exchange for connecting the global cancer community. Developed by GO in collaboration with the National Cancer Institute (NCI) Center for Global Health, the Map enables worldwide access to cancer projects and expertise to improve cancer practices and patient outcomes, especially in low-resource settings. Find the Global Cancer Project Map here: http://gcpm.globalonc.org.
The Map was ...
25.03.2015: Natural wetlands usually emit methane and sequester carbon dioxide. Anthropogenic interventions, in particular the conversion of wetlands for agriculture, result in a significant increase in CO2 emissions, which overcompensate potential decreases in methane emission. A large international research team now calculated that the conversion of arctic and boreal wetlands into agricultural land would result in an additional cumulative radiative forcing of about 0,1 MilliJoule (mJ) per square meter for the next 100 years. The conversion of temperate wetlands into agricultural ...
AURORA, Colo. (March 25, 2015) - Coordinating patient care between hospital clinicians and primary-care physicians is a significant challenge due to poor communication and gaps in information-sharing strategies, according to a study led by physicians at the School of Medicine of the University of Colorado Anschutz Medical Campus.
The inability to share timely information can increase the risk of missed test results and hospital readmissions, according to the study's corresponding author, Christine D. Jones, MD, assistant professor of medicine and director of the Hospital ...
PROVIDENCE, R.I. [Brown University] -- By looking at the molecular aftermath of concussion in an unusual way, a team of researchers at Brown University and the Lifespan health system has developed a candidate panel of blood biomarkers that can accurately signal mild traumatic brain injury within hours using standard, widely available lab arrays. The results appear in a new study in the Journal of Neurotrauma.
Many researchers have reported recent progress in identifying possible blood biomarkers for concussion -- an advance sought because diagnosis is currently limited ...
