[ISN] Researchers: Poor password practices hurt security for all

From: InfoSec News <alerts_at_private>
Date: Tue, 8 Jun 2010 03:23:19 -0500 (CDT)
http://www.computerworld.com/s/article/9177780/Researchers_Poor_password_practices_hurt_security_for_all

By Elizabeth Heichler
IDG News Service
June 7, 2010

A large-scale study of password-protected Web sites revealed a lack of 
standards across the industry that harms end-user security, according to 
two researchers working at the University of Cambridge in England.

In particular, the weak implementations of password-based authentication 
at lower-security sites compromise the protections offered at 
higher-security sites because individuals often re-use passwords, Joseph 
Bonneau and Soren Preibusch asserted in a paper presented at the 
Workshop on the Economics of Information Security in Cambridge, Mass., 
Monday.

Attackers can use low-security Web sites such as news outlets to figure 
out passwords associated with certain e-mail addresses, and then use 
those passwords to access accounts at higher-security sites such as 
e-commerce vendors, Bonneau said.

In an effort that the researchers said is the largest empirical 
investigation into password implementations to date, they collected data 
from 150 Web sites and found widespread "questionable design choices, 
inconsistencies, and indisputable mistakes," according to Bonneau and 
Preibusch.

[...]


Received on Tue Jun 08 2010 - 01:23:19 PDT