Cybersecurity researchers from University of Plymouth, U.K., have shown that many websites offer poor advice on security for users of their services. This includes leading brands such as Amazon and Wikipedia. These companies are pointed out as failing to support users in terms of advice, especially in relation as to how to securely protect their data with a strong password. This is based on a longitudinal study into website security.
The data about password advice and other security measures has been gathered over the past ten years. Here the research group has revealed how the the top 10 English-speaking websites provide very little, or sometime none, advice on creating passwords that are less likely to be hacked. Moreover, some of the websites continue to allow users to use the word ‘password’; other sites allow for single-character passwords or the use of very basic words without the use of numbers or special characters. Furthermore, some leading websites allow the user to key in their own surname or to use the same characters that form their user identity as their password.
According to the university’s Professor of Information Security, Steve Furnell, he has been raising these cybersecuirty concerns with leading websites since 2007. He thinks the issue is event more pressing given the current climate of increased threat of global cyber-attacks.
In a statement, Professor Furnell said: “We keep hearing that passwords are a thing of the past. But despite the prospect of new technologies coming into force, they are still the predominant protection people can use when setting up online accounts.”
He adds: “With personal data now being guarded more closely than ever, providing clear and upfront guidance would seem a basic means through which to ensure users can be confident that the information they are providing is both safe and secure.”
The worst performers a decade on are Amazon, Reddit and Wikipedia. In contrast to the poor performers, the best websites in terms of password security were found to be Google, Microsoft Live and Yahoo.
The study has been published in the journal Computer Fraud & Security. The research paper comes under the heading of “Assessing website password practices – over a decade of progress?”
