Security Risk ή Ρίσκο ασφαλείας: Θεωρείτε ότι ο κωδικός πρόσβασής σας είναι ασφαλής; Μπορεί να χρειαστεί να το ξανασκεφτείτε. Οι αντιλήψεις χρηστών του διαδικτύου για το τι σημαίνει και πως πρέπει να είναι ένας ισχυρός κωδικός πρόσβασης μπορεί να μην ταιριάζουν πάντα με την πραγματικότητα, σύμφωνα με μια πρόσφατη μελέτη της CyLab, του Carnegie Mellon Security and Privacy Institutes.
Have you missed? Let's explain it:
For example, participants in the study expected the code ieatkale88 to be as safe as iloveyou88 ?.
Both codes are a combination of dictionary words along with numbers.
However, when researchers used a tool που δείχνει πόσο χρόνο χρειάζεται ένας εισβολέας για να σπάσει κάθε κωδικό πρόσβασης, ο κωδικός ieatkale88 θα απαιτούσε τέσσερα δισmillions times more guesses to crack than loveyou88 as the latter contains more common words in passwords.
"Although participants generally had a good understanding of what makes passwords stronger or weaker, there were some critical misconceptions about how password attacks work," said Blase Ur, lead author of the study and PhD student. at the Carnegie Mellon School of Computer Science.
Why Security Risk?
Respondents, on average, believed that each code with numbers and letters was a strong password, which is not always true.
For example, p @ ssw0rd was considered safer than pAsswOrd, but the investigator intruder model predicted that 4.000 times would require more speculation to break pAsswOrd from pAsswOrd. Today with modern password-cracking tools, replacing letters with numbers or symbols is predictable and feasible.
"To help users create stronger passwords, it is important for us to understand their perceptions. That way we will know where interventions are needed, "said Lujo Bauer, a professor in the Department of Electrical and Computer Engineering and the Carnegie Mellon Institute.
The 165 team asked 51 online participants (49% men, 33% women) from 18 states in the United States and ages ranging from 66 to 25 years to compare their security and storage in XNUMX pairs.
In addition, participants were asked to report how they would expect attackers to guess their passwords.
"As companies design tools to help people build strong passwords, they need to provide a way to make passwords stronger," said Ur.
The team will incorporate these findings into an open source password feedback tool, which they aim to release before the end of the year.
Security Risk Perceptions of Passwords