Should the password indicator be trusted?

When registering on a site, a strength indicator that rates your password is usually seen as a way to make sure you have taken the necessary security measures. However, a Canadian study by Concordia University shows that the reliability of these measurement tools is questionable. It is therefore preferable to rely on other means to choose the best password for each online account.

An indicator based on different criteria

The results of the study show that the most used sites do not give the same strength rating to the same password (the rating depends on each site's password policy). A password judged insufficient by some sites is rated very satisfactory by others. This inconsistency can mislead users into believing that their choice protects them, when it merely scores well against the criteria set by that particular site. Some sites have good knowledge of the field while others are limited to basic settings, which explains such a large difference between them.

Some password-checking methods take the necessary precautions by flagging a choice that is too simple or that contains whole dictionary words and is therefore easy to crack; others are limited to asking for an alphanumeric combination. For a user, it is very difficult to know how strong the password protecting a personal account really is. This disparity even leads some users to underestimate the problem and choose a combination that is far too simple and puts them at risk.
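
The disagreement described above can be reproduced with two small meters. This is an added example, not code from the study or from any site: the word list, the substitution table, the color thresholds and the sample passwords are all constructed assumptions.

```javascript
// Added illustration: two hypothetical meters, not any real site's code.
// Constructed mini word list; a real checker would use a large dictionary.
const WORDS = ["password", "welcome", "dragon", "summer", "monkey"];

// Undo common substitutions so "P@ssw0rd" is compared as "password".
const SUBS = { "@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i" };
function normalize(pw) {
  return pw.toLowerCase().replace(/[@40135$!]/g, (c) => SUBS[c]);
}

// Meter A: composition only (length and number of character classes).
function compositionMeter(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
  if (pw.length >= 8 && classes >= 3) return "green";
  if (pw.length >= 8 && classes >= 2) return "yellow";
  return "red";
}

// Meter B: rejects passwords built around a dictionary word, then
// falls back to the same composition rules as meter A.
function dictionaryMeter(pw) {
  const hit = WORDS.find((w) => normalize(pw).includes(w));
  // Assumed threshold: fewer than 6 characters besides the word is too guessable.
  if (hit && pw.length - hit.length < 6) return "red";
  return compositionMeter(pw);
}

// Rate each password with both meters and flag disagreements.
function compare(passwords) {
  return passwords.map((pw) => {
    const a = compositionMeter(pw);
    const b = dictionaryMeter(pw);
    return { pw, composition: a, dictionary: b, disagree: a !== b };
  });
}

// Constructed sample passwords.
console.table(compare(["P@ssw0rd1", "Summer2024!", "dragon2020", "tq7#Lv2!mZr9"]));
```

The first three passwords get green or yellow from the composition-only meter and red from the dictionary-aware one; only the random string is rated the same by both.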

End of color rankings?

This study showed that expressing a degree of reliability with red, yellow and green does not really help the user. Red makes it clear that you have to choose something else, but the other two colors can be misinterpreted. A user may think that yellow is enough to keep them safe, or trust a green without knowing how reliable it really is.

The results were communicated to the various sites that did not meet the criteria in the field, and many were surprised. Even where changes or deletions have been made, there is no guarantee that the new measures put in place to protect data are more effective than those that were tested.

Internet users face their own responsibility

The conclusion of this Canadian study is particularly interesting because it points out that you cannot rely solely on a computer program set up to test your password. Some thought must go in beforehand so that you come up with the best possible combination by your own standard of confidence. A password should not just be a pleasing or easy-to-memorize string; it should act as a real shield.

Even as new features or advice are provided to combat hacking, it is important to keep in mind that attackers' methods evolve at the same pace as protection techniques. Protections that appear unbreakable at first are not guaranteed to remain so in the long term. Changing passwords often can be a way to guard against this type of risk because it will be much more difficult to access that user's content. Repeated attempts will be less likely to succeed.

Illustration source: Flickr.
