Study Suggests That Basic Password Guidance Can Improve Account Security
Marie Donlon | February 28, 2018
A study concerning account passwords suggests that better guidance and detailed support will help users create harder-to-crack passwords.
The study from the University of Plymouth found that users who received basic guidance in constructing a password were 40 percent more likely to construct a password that was more secure.
Better still were the numbers for users who were given data about the likelihood that hackers could guess their passwords and thereby gain access to accounts with private information. Those users were significantly (up to 10 times) more likely to change their passwords to more secure ones.
"Over the past few years, numerous cyberattacks and security incidents have demonstrated that protecting personal and professional assets is no longer an optional duty," said Steve Furnell, Professor of Information Security and the Director of the University's Centre for Security, Communications and Network Research (CSCAN). "Yet many still occur out of unintentional mistakes such as negligence, carelessness, and human errors. Despite the advance in security technology, the weakest link in the information security realm still lies in end-users so it is essential that more support is offered to try and overcome this in the future."
In addition to determining that guidance and support help users create stronger passwords, researchers also determined that popular sites like Twitter, Facebook and Amazon continue to allow users to create weak passwords, including a string of numbers (“1234567890”) and the word “password.”
"If this lack of provision is apparent with market-leading sites, it is unlikely that users are being better served in other contexts, and it potentially goes some way to explaining why bad practices persist," Furnell added. "A common weakness in the provision of security is that while relevant features are present and available to be employed, users are often expected to use them with little upfront guidance, or ongoing support. It is therefore hardly surprising to find that users' resulting behaviours are often explicitly insecure."
"These findings provide a lesson not only for passwords, but for end-user security in general, as the combination of effective guidance and enforcement gives users the chance to understand and buy into security right from the start," said Furnell.
The study is published in Computers & Security.