A new study conducted by a team of researchers has found that inconsistent and misleading password meters offered by some of the world's most popular websites could be actually doing more harm than good. Even though password meters are used to help users to protect themself from cyber threats, inconsistent meters may make you more prone to cyber-attacks.
Are password meters effective?
The study conducted by researchers at the University of Plymouth analyzed the effectiveness of 16 password meters that people are likely to use on a regular basis. Even though the main focus of the study was dedicated password meter websites, researchers also sought to assess those embedded in some common online services like Dropbox and Reddit.
The study report published in the journal Computer Fraud and Security suggested that there is a clear level of variation in the advice offered on different websites. Even though some of the meters were found to be effective in securing your data, some will not pick them up when they try to use common passwords like 'abc123', 'qwertyuiop' and 'iloveyou'.
Steve Furnell, a professor of Information Security and Leader of the University's Centre for Security, Communications & Network Research who led this study had previously urged IT giants like Amazon and Linkedin to raise awareness of the need for better password practices among their users.
"Commenting on the latest research, Professor Furnell said: "Over the festive period, hundreds of millions of people will receive technology presents or use their devices to purchase them. The very least they should expect is that their data will be secure and, in the absence of a replacement for passwords, providing them with consistent and informed guidance is key in the quest for better security," said Furnell, in a recent statement.
Are browser generated passwords safe?
Surprisingly, researchers, during the study found that browser generated passwords were consistently rated strong, and it indicates that users can trust these features for a better cybersecurity experience.
"Password meters themselves are not a bad idea, but you clearly need to be using or providing the right one. It is also worth remembering that, regardless of how the meters handled them, many systems and sites would still accept the weak passwords in practice and without having offered users any advice or feedback on how to make better choices," added Furnell.