Password meters are frequently made available to help users secure their personal data against the threats posed by cyber criminals.
However, the ‘inconsistent and misleading’ advice offered on some of the world’s most popular websites could actually be doing more harm than good, according to new research.
A study by the University of Plymouth assessed the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.
The main focus was dedicated password meter websites, but the study also sought to assess those embedded in some common online services (including Dropbox and Reddit) and those found as standard on some of our devices.
Published in Computer Fraud and Security, the research says there is a clear level of variation in the advice offered across the different websites.
And while some meters do effectively steer users towards more secure account passwords, some will not challenge users when they try to use ‘abc123’, ‘qwertyuiop’ and ‘iloveyou’ – all listed this week among the worst passwords of 2019.
The study was conducted by Steve Furnell, Professor of Information Security and Leader of the University’s Centre for Security, Communications and Network Research.
He has previously suggested that global IT giants including Amazon and LinkedIn could be doing far more to raise awareness of the need for better password practices.
He has also shown that over the space of a decade, most of the top ten English-speaking websites had not expanded the password guidance they offer consumers amid the increased threat of global cyber-attacks.