An Assessment of Website Password Practices
Document Type
Journal Article
Publisher
Elsevier Ltd
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
4597
Abstract
Password-based authentication is frequently criticised on the basis of the ways in which the approach can be compromised by end-users. However, a fundamental point in the defence of many users is that they may not know any better, and lack appropriate guidance and support when choosing their passwords and subsequently attempting to manage them. Given that such support could reasonably be expected to come from the systems upon which the passwords are used, this paper presents an assessment of password practices on 10 popular websites, examining the extent to which they provide guidance for password selection, enforce restrictions on password choices, and support easy and effective recovery or reset if passwords are forgotten. The findings reveal that the situation is extremely variable, with none of the assessed sites performing ideally across all of the assessed criteria. Better efforts are consequently required if password practices amongst the general populace are expected to improve.
DOI
10.1016/j.cose.2007.09.001
Comments
Furnell, S. (2007). An assessment of website password practices. Computers & Security, 26(7), 445-451.