Cybersecurity

Complex Passwords Aren’t Always Best

Published 7 May 2021

Research shows increasingly complex website password restrictions often leave users frustrated and lead to poor password security. “Our results confirm that the tougher the constraints of creating the passwords the safer users feel with their information,” said one expert. “However, the results show that a large number of restrictions can frustrate users.”

Research from James Cook University shows increasingly complex website password restrictions often leave users frustrated and lead to poor password security.

Associate Professor Roberto Dillon investigated how users react to increasingly complex password requirements and whether those rules compromise password security.

“Our results confirm that the tougher the constraints of creating the passwords the safer users feel with their information,” he said. “However, the results show that a large number of restrictions can frustrate users.”

Dr. Dillon said this frustration led to 75% of participants using strategies to remember their passwords, including strategies that compromise their security.

“The most popular strategy was using the same password for multiple sites,” he said.

Dr. Dillon and his team conducted a survey where users were asked to create a password following an increasing number of restrictions, ranging from “passwords must contain at least eight characters” to “passwords must be different from the latest five passwords.”

Participants were also asked if they used any strategies to remember their passwords, as well as the situations where they would be tempted to use those strategies.

“Websites often require passwords that include a combination of special characters, numbers, upper- and lower-case letters, and more,” he said. “This makes passwords less likely to be compromised by hackers, but harder for users to invent a password and to remember it.”

While measures such as password managers and two-factor authentication protocols offer solutions for managing passwords and protecting privacy, Dr. Dillon said they still suffer from usability issues and are inconvenient for users.

He suggested that a better approach is to ask users to create a long but meaningful password phrase.

“This is easy to remember but long enough to hinder brute-force hacking attacks,” he said. “At the same time, providers should avoid adding several restrictions as it makes it more likely for users to resort to workarounds that compromise security.”
