A Study of Password Security Factors among Bangladeshi Government Websites

TL;DR

This study evaluates password security practices across 36 Bangladeshi government websites, revealing widespread security gaps and lack of guidelines, which could compromise citizen data protection.

Contribution

First comprehensive analysis of password security factors on Bangladeshi government websites using six heuristics, highlighting critical security deficiencies.

Findings

Many websites lack password construction guidelines.

Some websites accept weak passwords.

Several sites do not use HTTPS for secure transmission.

Abstract

The Government of Bangladesh is aggressively transforming its public service landscape by transforming public services into online services via a number of websites. The motivation is that this would be a catalyst for a transformative change in every aspect of citizen life. Some web services must be protected from any unauthorised usages and passwords remain the most widely used credential mechanism for this purpose. However, if passwords are not adopted properly, they can be a cause for security breach. That is why it is important to study different aspects of password security on different websites. In this paper, we present a study of password security among 36 different Bangladeshi government websites against six carefully chosen password security heuristics. This study is the first of its kind in this domain and offers interesting insights. For example, many websites have not adopted proper security measures with respect to security. There is no password construction guideline adopted by many websites, thus creating a barrier for users to select a strong password. Some of them allow supposedly weak passwords and still do not utilise a secure HTTPS channel to transmit information over the Internet.