Monday, 15 October 2018

Stringent password can prevent fraud: Study

Washington: Is it exhausting for you to come up with a new password every time you make a new account somewhere? Well, it turns out that the all-too-common practice of using the same email address/password combination to log into multiple websites can be damaging.

According to a recent study, the practice can cause more harm to employers with many users and valuable assets protected by passwords, such as universities.

“If someone uses their university email address and passphrase to sign up for, say, LinkedIn, and LinkedIn is breached by cybercriminals, that would mean their university password is sitting on the web for everyone to see,” said Indiana University’s Dan Calarco, co-author of the study.

“We found that requiring longer and more complicated passwords resulted in a lower likelihood of password reuse,” the authors write in the paper, Factors Influencing Password Reuse: A Case Study. The authors are Jacob Abbott, an IU Bloomington Ph.D. student; Daniel Calarco, chief of staff for the IU Office of the Vice President for IT and CIO; and L. Jean Camp, a professor in the IU Bloomington School of Informatics, Computing and Engineering.

The group presented their findings at the TPRC46: Research Conference on Communications, Information and Internet Policy in Washington, D.C.

To investigate the impact of policy on password reuse, the authors analyzed password policies from 22 different U.S. universities, including their home institution, IU. Next, they extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email address and password combinations. Passwords associated with email addresses belonging to a university’s domain were compiled and compared against that university’s official password policy.

The study found that stringent password rules significantly lower a university’s risk of personal data breaches.

“Our paper shows that passphrase requirements such as a 15-character minimum length deter the vast majority of IU users (99.98 percent) from reusing passwords or passphrases on other sites,” they write.

“Other universities with fewer password requirements had reuse rates potentially as high as 40 percent.” Their analysis found that IU performed the best of all 22 universities — and had the most extensive requirements. The authors could not legally test whether credentials were actually valid; instead, they examined whether passwords could potentially be valid given public password requirements such as password length, complexity and other requirements.

“IU has worked with security and usability faculty to design our password policies, with the result being policies that value people’s time while mitigating risk,” Camp said. “The length and complexity are balanced by the extended period before new passwords must be generated and the use of a longer authentication time window for applications. Indiana University’s rollout of two-factor authentication is similarly a model.”

The authors offer the following recommendations to safeguard passwords:

Increase the minimum password length beyond 8 characters.

Increase the maximum password length.

Disallow the user’s name or username inside passwords.

Contemplate multi-factor authentication.

Multi-factor authentication is becoming more common and usable. IU, for example, employs Two-Step Login. With the potential benefits of reducing the risk of password reuse, multi-factor authentication may be a viable alternative to changing the length and/or complexity of password policies.

“Our recommendations are not only applicable for universities but also can be used by other organizations, services or applications,” they write.
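
The comparison step in the study's method and the recommended policy rules (minimum length, maximum length, no username inside the password) can be sketched together in Python. This is an added example, not code from the study or its authors: it checks whether a leaked password could satisfy a domain's published policy, which gives an upper bound on reuse and never tests a credential. The `Policy` fields, domains, policies and records are all constructed for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:  # hypothetical model of one published password policy
    min_len: int
    max_len: int
    min_classes: int       # required count of lower/upper/digit/symbol classes
    forbid_username: bool  # reject passwords containing the mailbox name

def char_classes(pw):
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def could_be_valid(email, password, policy):
    """True if the password satisfies the policy; it is never tested for login."""
    user = email.split("@", 1)[0].lower()
    if not policy.min_len <= len(password) <= policy.max_len:
        return False
    if char_classes(password) < policy.min_classes:
        return False
    return not (policy.forbid_username and user and user in password.lower())

def potential_reuse_rates(records, policies):
    """Per domain, the fraction of leaked pairs that pass that domain's policy."""
    seen, hits = defaultdict(int), defaultdict(int)
    for email, password in records:
        domain = email.rsplit("@", 1)[-1].lower()
        if domain in policies:  # keep only addresses from studied domains
            seen[domain] += 1
            hits[domain] += could_be_valid(email, password, policies[domain])
    return {d: hits[d] / seen[d] for d in seen}

# Constructed policies and records (not real institutions or leaked data).
POLICIES = {
    "strict.example.edu": Policy(15, 127, 1, True),
    "lax.example.edu": Policy(8, 16, 1, False),
}
RECORDS = [
    ("alice@strict.example.edu", "sunshine2018"),              # 12 chars, too short
    ("bob@strict.example.edu", "correct horse battery"),       # 21 chars, passes
    ("carol@strict.example.edu", "carol-loves-long-phrases"),  # contains username
    ("dave@strict.example.edu", "Winter!9"),                   # 8 chars, too short
    ("erin@lax.example.edu", "sunshine2018"),                  # passes
    ("frank@lax.example.edu", "frank1234"),                    # passes, name allowed
    ("grace@lax.example.edu", "abc123"),                       # 6 chars, too short
    ("heidi@lax.example.edu", "Tr0ub4dor&3xtra-long"),         # 20 chars, over max
    ("ivan@other.example.org", "whatever1"),                   # domain not studied
]
```

Calling `potential_reuse_rates(RECORDS, POLICIES)` on the constructed data shows the stricter policy leaving a smaller share of leaked passwords that could still be valid.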



from The Siasat Daily https://ift.tt/2CfOtYa
via IFTTT
