When it comes to passwords, complex is not always safer, new study shows

Passwords comprising complex strings of numbers and characters are hard to remember but relatively easy to hack, research has confirmed.


For a long time, password strength was measured by complexity: whether a password included both upper- and lower-case letters, numbers and special characters such as ampersands and dollar signs.





However, cybersecurity experts are increasingly moving away from these complex passwords to ones that seem simpler but are actually harder for hackers to crack.


Researchers from James Cook University found users were far more likely to engage in unsafe cybersecurity behaviour if forced to keep creating complex passwords by overzealous IT managers.



Associate Professor Roberto Dillon conducted a survey in which users were asked to create increasingly complex passwords; in a separate survey, they were asked about their usual password habits online.


Professor Dillon said that in 75 per cent of cases, users used various strategies to remember passwords, many of which compromised their data security.


“The most popular strategy was using the same password for multiple sites,” he said.


“Our results confirm that the tougher the constraints on creating the passwords, the safer users feel with their information. However, the results show that a large number of restrictions can frustrate users.”


Professor Dillon said the research confirmed what was becoming mainstream theory among data security experts – when it comes to passwords, complex is not always better.



