Wednesday, May 18, 2016

Are you sure your passwords are safe?

Are you sure your passwords are safe? According to a study by CyLab, Carnegie Mellon University's Security and Privacy Institute, our perceptions of password security do not always match reality. Creating a good password is not only a matter of mixing numbers, letters and symbols. We have to consider other aspects that we often forget.

"Although many users create predictable passwords, the extent to which users realize these passwords are predictable is not well understood", states the study in its presentation, which investigates "the relationship between users' perceptions of strength of specific passwords and their actual strength". This is done by asking participants to rate the relative security of juxtaposed pairs, for example ieatkale88 against iloveyou88.

In the previous case, although the two passwords look equally secure, they are not: if a model is used to predict the number of tries an attacker would need to break these passwords, it turns out that ieatkale88 would need four thousand million more tries. Why? Because the string iloveyou88 is one of the most common passwords and will be one of the first the attacker tries. "Although the participants had a good comprehension of what makes a password strong or weak, they had a critical gap regarding how a password is attacked".

On the other hand, the majority of the 165 participants think a password with numbers and symbols is a strong password, which is not always true. For example, p@ssw0rd is believed to be safer than pAsswOrd because it uses numbers and symbols, but according to the researchers' predictive model it would take 4,000 more tries to crack pAsswOrd than p@ssw0rd, because the most modern password-cracking tools already anticipate that users will use numbers and symbols.

"Many participants had serious misconceptions of basing passwords on common phrases and including digits or keyword patterns in passwords. However, in most other cases, participants' perceptions of what characteristics make a password secure were consistent with the performance of current password-cracking tools", state the conclusions of the study. And it continues: "We find large variance in participants' understanding of how passwords may be attacked, potentially explaining why users nonetheless make predictable passwords".

The study ends by criticizing systems that tell users whether their passwords are strong or weak, because they "only tell users the strength of their passwords but not why". Also, more factors determine the strength of a password than being long or having digits and symbols: if the password is used on different sites, or if the provider fails to protect it, those factors weaken a password.
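As an added illustration (not code from the study or from this blog), the sketch below contrasts a composition-only meter with a check that tells the user why a password is predictable, using the pairs discussed above. The word list, the substitution table and the function names `class_score` and `explain` are assumptions made for this example.

```python
import re

# Constructed sample list; a real meter would load a large leaked-password corpus.
COMMON = {"password", "iloveyou", "qwerty", "letmein", "123456"}
# Substitutions that password-cracking rule sets already anticipate (assumed table).
DELEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")


def class_score(pw):
    """Composition-only meter: one point per character class present (0-4)."""
    return sum(bool(re.search(c, pw)) for c in CLASSES)


def explain(pw):
    """Return reasons a guessing attack would reach pw early.

    An empty list only means this small check found nothing, not that pw is strong.
    """
    core = re.sub(r"\d+$", "", pw) or pw      # strip a trailing digit suffix
    folded = core.lower()                     # ignore letter case
    plain = folded.translate(DELEET)          # undo common substitutions
    base = next((c for c in (pw.lower(), folded, plain) if c in COMMON), None)
    if base is None:
        return []
    reasons = [f"built on the very common password '{base}'"]
    if core != pw and base != pw.lower():
        reasons.append("appending digits is a pattern guessers try early")
    if base == plain and plain != folded:
        reasons.append("symbol and digit substitutions are anticipated by cracking tools")
    return reasons


if __name__ == "__main__":
    for pw in ("ieatkale88", "iloveyou88", "p@ssw0rd", "pAsswOrd"):
        print(pw, class_score(pw), explain(pw) or ["no known weakness found"])
```

Both members of the first pair get the same composition score, yet only iloveyou88 comes back with reasons; p@ssw0rd scores higher than pAsswOrd on composition while being flagged for its substitutions.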


