Security Risk ή Ρίσκο ασφαλείας: Θεωρείτε ότι ο κωδικός πρόσβασής σας είναι ασφαλής; Μπορεί να χρειαστεί να το ξανασκεφτείτε. Οι αντιλήψεις χρηστών του διαδικτύου για το τι σημαίνει και πως πρέπει να είναι ένας ισχυρός Password may not always match reality, according to a recent study by CyLab, of Carnegie Mellon Security και Privacy Institute.
Have you missed? Let's explain it:
For example, participants in the study expected the code ieatkale88 to be as safe as iloveyou88 ?.
Both codes are a combination of dictionary words along with numbers.
However, when the researchers they used a tool that shows how long it takes an attacker to crack each password, ieatkale88's code would require four billion times more guesses to crack than loveyou88's as the latter contains more common words in passwords.
"Although participants generally had a good understanding of what makes passwords stronger or weaker, there were some critical misconceptions about how password attacks work," said Blase Ur, lead author of the study and PhD student. at the Carnegie Mellon School of Computer Science.
Why Security Risk?
Respondents, on average, believed that each code with numbers and letters was a strong password, which is not always true.
For example, p @ ssw0rd was considered safer than pAsswOrd, but the investigator intruder model predicted that 4.000 times would require more speculation to break pAsswOrd from pAsswOrd. Today with modern password-cracking tools, replacing letters with numbers or symbols is predictable and feasible.
"To help users create stronger passwords, it is important for us to understand their perceptions. That way we will know where interventions are needed, "said Lujo Bauer, a professor in the Department of Electrical and Computer Engineering and the Carnegie Mellon Institute.
The team of researchers asked 165 online Participants (51% male, 49% female) from 33 US states and ranging in age from 18 to 66, to compare security and memory in 25 password pairs.
In addition, participants were asked to report how they would expect attackers to guess their passwords.
"As they exist Companies that design tools to help people make strong passwords, they should also provide how they make passwords stronger," said Ur.
The team will incorporate these findings into an open source password-resetting tool, which is intended to be released before the end of the year.
Security Risk Perceptions of Passwords
