LOS ANGELES, July 18 (Xinhua) -- Leading internet brands including Amazon and Wikipedia are failing to support users with advice on how to securely protect their data, a new study shows.
The study, published this week in Computer Fraud and Security, examined the password practices of Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live and Netflix.
"Despite the prospect of new technologies coming into force, they [passwords] are still the predominant protection people can use when setting up online accounts," professor of information security Steve Furnell was quoted as saying in a press release. "With personal data now being guarded more closely than ever, providing clear and upfront guidance would seem a basic means through which to ensure users can be confident that the information they are providing is both safe and secure."
The Director of the University of Plymouth's Centre for Security, Communications and Network Research (CSCAN), conducted the research, having carried out similar assessments in 2007, 2011 and 2014.
More than a decade after first examining the issue, the new research has shown most of the top 10 English-speaking websites offer little or no advice guidance on creating passwords that are less likely to be hacked.
The research looked at whether users were provided with guidance when creating an account, changing their password or resetting a password, and how rigorously any guidelines were enforced.
Some still allow people to use the word "password", while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.
Furnell said it was concerning that more than a decade after the issue was first highlighted, companies were not doing more to aid consumers amid the increased threat of global cyber-attacks.
According to Furnell's research, the best provisions, taking into account permitted password length and other restrictions, were offered by Google, Microsoft Live and Yahoo. And the three least favorable sets of results were from Amazon, Reddit and Wikipedia.
In fact, there has been a notable improvement over the whole 11 years is the proportion of sites that prevent the word "password" being used, but even now several still allow it.
The other improvement has been in the number of sites offering some form of additional authentication (from three in 2011 to eight in 2018), but it is not something any of the websites assessed flag during the account sign-up process, according to the research.
With over ten years between the studies, researcher were somewhat disappointing to find that the overall story in 2018 remains largely similar to that of 2007.
"In the intervening years, much has continued to be written about the failings of passwords and the ways in which we use them, but little is being done to encourage or oblige us to follow the right path," said Furnell.
"The increased availability of two-step verification and two-factor authentication options is positive. But users arguably require more encouragement or obligation to use them otherwise, like passwords themselves, they will offer the potential for protection while falling short of doing so in practice."