Password meter services, implemented on many popular platforms, can be misleading, thereby putting users at risk of cyberattacks.
During the holiday season, hundreds of millions of people will receive gadgets as gifts or use their devices to buy them. At a minimum, they need to make sure their data stays safe, and the key to that is a strong password.
A study by the University of Plymouth assessed the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.
“The main focus was dedicated on password meter websites, but the study also sought to assess those embedded in some common online services (including Dropbox and Reddit) and those found as standard on some of our devices,” say researchers from the University of Plymouth.
As part of the study, scientists tested the effectiveness of the 16 most common password meters using 16 passwords, 10 of which were included in the list of worst passwords (including ‘password’ and ‘123456’). Of the dozen weak passwords, only five were regarded as such by all tested meters, while the rest, such as ‘Password1!’, were considered reliable by the services.
The situation with browser-generated passwords is different: all services rated them as reliable, the experts note. They also noticed that recommendations differ from site to site. For example, some services advised users to choose stronger passwords for their accounts, while others quietly allowed passwords such as ‘abc123’, ‘qwertyuiop’ and ‘iloveyou’ (all of them appear in the list of the worst passwords of 2019, presented by NordPass).
“Password strength meters alone are a good idea, you just need to use the correct one […] It should also be remembered that in practice, regardless of the meter’s assessment, many systems and sites will still accept weak passwords without offering any recommendations on how to make the best choice,” said Steve Furnell, professor at Plymouth University.
Recall that in February of this year, Google released the Password Checkup extension for the Chrome browser, which alerts users if their credentials were found in past leaks and offers to change the password, and in October Google added a password security check to its Password Manager.
Change your password to a more secure one as soon as possible (and it is better not to rely on password meters yet). In addition, Check Point experts have named the most dangerous malware of November 2019. On the eve of the holidays, do not forget about information security!
Appendix:
List of the Top-20 worst passwords by NordPass (just in case ;-))
- 12345
- 123456
- 123456789
- test1
- password
- 12345678
- zinch
- g_czechout
- asdf
- qwerty
- 1234567890
- 1234567
- Aa123456.
- iloveyou
- 1234
- abc123
- 111111
- 123123
- dubsmash
- test
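
The list above can serve directly as a blocklist. The following added example (not code from the study or from any of the tested services) contrasts a hypothetical meter that scores only length and character variety, which is an assumption about why a password like ‘Password1!’ can be rated as reliable, with the same meter after a blocklist lookup on normalized input. The function names and the sample random password are constructed for illustration.

```python
import re

# Top-20 worst passwords exactly as listed in the appendix above (NordPass).
WORST = [
    "12345", "123456", "123456789", "test1", "password", "12345678",
    "zinch", "g_czechout", "asdf", "qwerty", "1234567890", "1234567",
    "Aa123456.", "iloveyou", "1234", "abc123", "111111", "123123",
    "dubsmash", "test",
]
BLOCKLIST = {w.lower() for w in WORST}

CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def composition_meter(pw: str) -> str:
    """Hypothetical meter: scores only length and character variety."""
    kinds = sum(bool(re.search(c, pw)) for c in CLASSES)
    if len(pw) >= 8 and kinds >= 3:
        return "strong"
    if len(pw) >= 8 and kinds >= 2:
        return "medium"
    return "weak"


def candidates(pw: str) -> set:
    """Forms to look up: lowercased, and with trailing digits/symbols
    removed (the usual 'Password' -> 'Password1!' decoration)."""
    lowered = pw.lower()
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stem} - {""}


def blocklist_meter(pw: str) -> str:
    """Same scoring, but a listed password or a decorated variant is weak."""
    if candidates(pw) & BLOCKLIST:
        return "weak"
    return composition_meter(pw)


if __name__ == "__main__":
    # Constructed samples; the last imitates a browser-generated password.
    for pw in ("Password1!", "Aa123456.", "iloveyou", "vT9#qLm2$Rw8zKp"):
        print(f"{pw!r:20} composition={composition_meter(pw):7} "
              f"blocklist={blocklist_meter(pw)}")
```

A production blocklist would be far larger than twenty entries; the lookup and normalization steps stay the same.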