1. Home
  2. Inconsistent, misleading password meters can increase risk of cyber attacks: Study

Inconsistent, misleading password meters can increase risk of cyber attacks: Study

Agencies
December 23, 2019

Washington D.C., Dec 23: Inconsistent and misleading advice offered on some of the world's most popular websites could actually be doing more harm than good, says a recent study.

Password meters">Password meters are frequently made available to help the users secure their personal data against the threats posed by cybercriminals.

The study conducted at the University of Plymouth has assessed the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.

The research says that there is a clear level of variation in the advice offered across different websites.

The study was published in the journal Computer Fraud and Security.

The main focus was dedicated password meter websites, but the study also sought to assess those embedded in some common online services (including Dropbox and Reddit) and those found as standard on some of our devices.

And while some meters do effectively steer users towards more secure account passwords, some will not pick them up when they try to use 'abc123', 'qwertyuiop' and 'iloveyou' - all listed this week among the worst passwords of 2019.

The study was conducted by Steve Furnell, Professor of Information Security and Leader of the University's Centre for Security, Communications and Network Research.

Commenting on the latest research, Prof Furnell said: "Over the festive period, hundreds of millions of people will receive technology presents or use their devices to purchase them."

"The very least they should expect is that their data will be secure and, in the absence of a replacement for passwords, providing them with consistent and informed guidance is key in the quest for better security."

"What this study shows is that some of the available meters will flag an attempted password as being a potential risk whereas others will deem it acceptable. Security awareness and education are hard enough, without wasting the opportunity by offering misleading information that leaves users misguided and with a false sense of security."

The study tested 16 passwords against the various meters, with 10 of them being ranked among the world's most commonly used passwords (including 'password' and '123456').

Of the 10 explicitly weak passwords, only five of them were consistently scored as such by all the password meters, while 'Password1!' performed far better than it should do and was even rated strongly by three of the meters.

However, one positive finding was that a browser-generated password was consistently rated strong, meaning users can seemingly trust these features to do a good job.

Prof Furnell added: "Password meters">Password meters themselves are not a bad idea, but you clearly need to be using or providing the right one."

"It is also worth remembering that, regardless of how the meters handled them, many systems and sites would still accept the weak passwords in practice and without having offered users any advice or feedback on how to make better choices," he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 10,2020

US dictionary Merriam-Webster will update the meaning of the word "racism" after being contacted by a Missouri black woman, who claimed the current definition fell short of including the systematic oppression of people of colour, according to media reports.

"A revision to the entry for racism is now being drafted to be added to the dictionary soon, and we are also planning to revise the entries of other words that are related to racism or have racial connotations," according to a statement of the 189-year-old dictionary shared by Kennedy Mitchum, a recent graduate of Drake University in Iowa, on her Facebook.

Mitchum, 22, emailed the dictionary last month, following the death of African American George Floyd in the custody of four Minneapolis police officers, Xinhua news agency reported.

"I kept having to tell them that definition is not representative of what is actually happening in the world," Mitchum told CNN. "The way that racism occurs in real life is not just prejudice, it's the systemic racism that is happening for a lot of black Americans."

Merriam-Webster's first definition of racism is "a belief that race is the primary determinant of human traits and capacities and that racial differences produce an inherent superiority of a particular race."

"It's not just disliking someone because of their race," Mitchum wrote in a Facebook post on Friday. "This current fight we are in is evidence of that, lives are at stake because of the systems of oppression that go hand-in-hand with racism."

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 2,2020

Paris, Jul 2: Several interacting exoplanets have already been spotted by satellites. But a new breakthrough has been achieved with, for the first time, the detection directly from the ground of an extrasolar system of this type.

An international collaboration including CNRS researchers has discovered an unusual planetary system, dubbed WASP-148, using the French instrument SOPHIE at the Observatoire de Haute-Provence (CNRS/Aix-Marseille Universite).

The scientists analysed the star's motion and concluded that it hosted two planets, WASP-148b and WASP-148c. The observations showed that the two planets were strongly interacting, which was confirmed from other data.

Whereas the first planet, WASP-148b, orbits its star in nearly nine days, the second one, WASP-148c, takes four times longer. This ratio between the orbital periods implies that the WASP-148 system is close to resonance, meaning that there is enhanced gravitational interaction between the two planets. And it turns out that the astronomers did indeed detect variations in the orbital periods of the planets.

While a single planet, uninfluenced by a second one, would move with a constant period, WASP-148b and WASP-148c undergo acceleration and deceleration that provides evidence of their interaction.

The study will shortly be published in the journal Astronomy & Astrophysics.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
February 27,2020

Feb 27: With the window to submit comments on India's proposed personal data protection law closing on Tuesday, a period of anxious wait for final version of the Bill started for social media firms.

This comes even as global Internet companies have called on the government for improved transparency related to intermediary Guidelines (Amendment) Rules and allay fears about the prospect of increased surveillance and prompting a fragmentation of the Internet in India that would harm users.

As per the proposed amendments, an intermediary having over 50 lakh users in the country will have to be incorporated in India with a permanent registered office and address.

When required by lawful order, the intermediary shall, within 72 hours of communication, provide such information or assistance as asked for by any government agency or assistance concerning security of the state or cybersecurity.

This means that the government could pull down information provided by platforms such as Wikipedia, potentially hampering its functioning in India.

In the open letter to IT Minister Ravi Shankar Prasad, leading browser and software development platform like Mozilla, Microsoft-owned GitHub and Cloudflare earlier called for improved transparency by allowing the public an opportunity to see a final version of these amendments prior to their enactment.

According to a Business Insider report, Indian users may lose access to Wikipedia if the new intermediary rules for internet and social media companies are approved.

Since the rules would require the website to take down content deemed illegal by the government, it would require Wikipedia to show different content for different countries.

Anusha Alikhan, senior communications director for Wikimedia told Business Insider that the platform is built though languages and not geographies. Therefore, removing content from one country, while it is still visible to other country users may not work for the company’s model.

India is one of Wikipedia’s largest markets. Over 771 million Indian users accessed the site in just November 2019.

Also read: Explained: What is the Personal Data Protection Bill and why you should care

The Personal Data Protection Bill, 2019, which was introduced in Lok Sabha in the winter session last year, was referred to a Joint Parliamentary Committee (JPC) of both the Houses.

The government last month decided to seek views and suggestions on the Bill from individuals and associations and bodies concerned and the last date for submitting the comments was on Tuesday.

Prasad, while introducing the Personal Data Protection Bill, 2019, in the Lok Sabha on December 11, announced that the draft Bill empowers the government to ask companies including Facebook, Google and others for anonymised personal data and non-personal data.

There was a buzz when the Bill's latest version was introduced in the Lok Sabha, especially the provision seeking to allow the use of personal and non-personal data of users in some cases, especially when national security is involved.

Several legal experts red-flagged the issue and said the provision will give the government unaccounted access to personal data of users in the country.

In their submission to the JPC, several organisations also flagged that the power to collect non-personal and anonymised data by the government without notice and consent should not form part of the Bill because of issues regarding effective anonymisation and potential abuse.

"Clauses 35 and 36 of the Bill provide unbridled access to personal data to the Central Government by giving it powers to exempt its agencies from the application of the Bill on the basis of various broad worded grounds," SFLC.in, a New Delhi-based not-for-profit legal services organisation, commented.

The Software Alliance, also known as BSA, a trade group which includes tech giants such as Microsoft, IBM and Adobe, among others said that the current version of the privacy bill pose substantial challenges, including the sweeping new powers for the government to acquire non-personal data, restrictions on data transfers, and local storage requirements.

"We urge the Joint Parliamentary Committee, as it considers revisions to the Bill, to eliminate provisions concerning non-personal data from the Personal Data Protection Bill and to remove the data localisation requirements and restrictions on international data flows," said Venkatesh Krishnamoorthy, Country Manager-India, BSA.

The Personal Data Protection (PDP) Bill, 2019 draws its origins from the Justice B.N. Srikrishna Committee on data privacy, which produced a draft of legislation that was made public in 2018 ("the Srikrishna Bill").

The mandatory requirement for storing a mirror copy of all personal data in India as per Section 40 of the Srikrishna Bill has been done away with in the PDP Bill, 2019, meaning that companies like Facebook and Twitter would be able to store data of Indian users abroad if they so wish.

But the bill prohibits processing of sensitive personal data and critical personal data outside India.

What is more, what constitutes critical data has not been clearly defined.

As per the proposals, social media companies will have to modify their application as they are required to have a system in place by which a user can verify themselves.

So legal experts believe that some system to upload identification documents should be there and something like the Twitter blue tick mark should be there to identify verified accounts.

"The 2019 Bill introduces a new category of data fiduciaries called social media intermediaries ('SMIs'). SMIs are a subcategory of significant data fiduciaries ('SDFs') and will be notified by the Central government after due consultation with the DPA, or the Data Protection Authority. Clause 26(4) of the Bill defines SMIs as intermediaries who primarily or solely enable online interaction between two or more users," SFLC.in said.

"On a plain reading of the definition, online platforms like Facebook, Twitter, YouTube, TikTok, ShareChat and WhatsApp are likely to be notified as SMIs under the Bill," it added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.