… To make things worse, users' new passwords were overall more similar to passwords they use. One in three users affected by the breach changed their passwords. One of the breaches they focused on was the Yahoo breach that occurred in 2017, in which every single Yahoo account–all 3 billion of them–was hacked. … To reach their findings, the authors of the study observed the security practices of 249 willing participants. Those are the findings in a recent study out of Carnegie Mellon. The study, while small in scale more accurate in representing real-world user practices when it comes to user behavior … as it's based on actual browsing data and traffic rather than survey responses that may sometimes be inaccurate or subjective. And Daniel Tkacik adds … and when they do, they’re often weaker: Have any of your username / password combinations been stolen during any of the many data breaches in recent years? Chances are, they probably have, and it's also likely you didn't take the proper precaution of changing your password to a more secure one. Researchers argue that a lot of the blame also resides with the hacked services, which "almost never tell people to reset their similar - or identical - passwords on other accounts." The study shows that users still lack the education needed in choosing better or unique passwords. The study … was not based on survey data, but on actual browser traffic. What’s the craic? Catalin Cimpanu reports- After a breach, users rarely change their passwords, study finds: Only around a third of users usually change their passwords following a data breach announcement, according to a recent study published by academics from the Carnegie Mellon University's Security and Privacy Institute. Your humble blogwatcher curated these bloggy bits for your entertainment. Perhaps the future is passwordless. In this week’s Security Blogwatch, we hope against hope. What about biometrics? 
I’ll come over there and chop off your fingers for asking all these dumb questions. Or 2FA? Anything other than SMS is too complicated, and SMS identity is horribly insecure. So use a password manager? Nope, too nerdy. For sure, you’re more than capable of doing it, but for the vast majority of “normal” users, it’s basically impossible. Recent research reminds us that managing unique passwords is hard.