A large-scale study of password-protected Web sites revealed a lack of standards across the industry that harms end-user security, according to two researchers working at the University of Cambridge in England.
In particular, the weak implementations of password-based authentication at lower-security sites compromises the protections offered at higher-security sites because individuals often re-use passwords, Joseph Bonneau and Soren Preibusch asserted in a paper presented at the Workshop on the Economics of Information Security in Cambridge, Mass., Monday.
