Security Risk: Do you think your password is safe? You may need to think again. Internet users' perceptions of what a strong password is and what it should look like may not always match reality, according to a recent study by CyLab, the Carnegie Mellon Security and Privacy Institute.
Lost? Let us explain:
For example, participants in the study expected the password ieatkale88 to be as safe as iloveyou88.
Both passwords combine dictionary words with numbers.
However, when the researchers used a tool to estimate how many guesses an attacker would need to crack each password, ieatkale88 required four billion times more guesses than iloveyou88, because the second contains words that are more common in passwords.
"Although participants generally had a good understanding of what makes passwords stronger or weaker, there were also some critical misconceptions about how attacks on passwords work," said Blase Ur, the study's lead author and a doctoral student at Carnegie Mellon's School of Computer Science.
Why is this a security risk?
Respondents, on average, believed that any password containing both numbers and letters was a strong password, which is not always true.
For example, p@ssw0rd was considered safer than pAsswOrd, but the researchers' attacker model predicted that pAsswOrd would require 4,000 times more guesses to crack than p@ssw0rd. Modern password-cracking tools make replacing letters with numbers or symbols predictable and feasible to guess.
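The following is an added example, not code from the study or from the CyLab tool: a password-creation check that undoes the predictable transformations discussed above (case changes, letter-to-symbol substitutions, trailing digits) before looking the result up in a common-word list. The function names, the substitution table and the short word list are assumptions made for illustration.

```python
import re

# Constructed sample; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "iloveyou", "123456", "qwerty", "letmein", "dragon"}

# Common character substitutions, undone before the lookup (simplified:
# each symbol maps to a single letter).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def predictable_base(password, common=COMMON_WORDS):
    """Return the common word this password reduces to once predictable
    transformations are undone, or None if no match is found."""
    lowered = password.lower()
    # Drop a trailing run of digits or symbols such as "88" or "1!".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    for candidate in (lowered, stripped):
        for form in (candidate, candidate.translate(LEET)):
            if form in common:
                return form
    return None


def report(passwords):
    """Map each password to its common base word (None = no match)."""
    return {pw: predictable_base(pw) for pw in passwords}


if __name__ == "__main__":
    samples = ["p@ssw0rd", "pAsswOrd", "iloveyou88", "ieatkale88"]
    for pw, base in report(samples).items():
        verdict = f"reduces to common word '{base}'" if base else "no common base found"
        print(f"{pw:12} {verdict}")
```

A match only shows that the password is built on a common word; it does not rank how many guesses each variant needs, which is what the study's attacker model estimated.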
"To help users create stronger passwords, it is important for us to understand their perceptions. That way we will know where interventions are needed," said Lujo Bauer, a professor in the Department of Electrical and Computer Engineering and the Carnegie Mellon Institute.
The team of researchers asked 165 online participants (51% male, 49% female) from 33 U.S. states, aged 18 to 66, to compare the security and memorability of 25 password pairs.
In addition, participants were asked to report how they would expect attackers to guess their passwords.
"As companies design tools to help people build strong passwords, they need to provide a way to make passwords stronger," said Ur.
The team will incorporate these findings into an open source password-resetting tool, which is intended to be released before the end of the year.
Security Risk Perceptions of Passwords