Does my password go up to eleven?
- 27 April 2013
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
- p. 2379-2388
- https://doi.org/10.1145/2470654.2481329
Abstract
Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. We observed that the presence of meters yielded significantly stronger passwords. We performed a followup field experiment to test a different scenario: creating a password for an unimportant account. In this scenario, we found that the meters made no observable difference: participants simply reused weak passwords that they used to protect similar low-risk accounts. We conclude that meters result in stronger passwords when users are forced to change existing passwords on "important" accounts and that individual meter design decisions likely have a marginal impact.
This publication has 14 references indexed in Scilit:
- The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. Published by Institute of Electrical and Electronics Engineers (IEEE), 2012
- A Research Agenda Acknowledging the Persistence of Passwords. IEEE Security & Privacy, 2011
- Of passwords and people. Published by Association for Computing Machinery (ACM), 2011
- Testing metrics for password creation policies by attacking large sets of revealed passwords. Published by Association for Computing Machinery (ACM), 2010
- The impact of social navigation on privacy policy configuration. Published by Association for Computing Machinery (ACM), 2010
- THE WAY I SEE IT: When security gets in the way. Interactions, 2009
- A large-scale study of web password habits. Published by Association for Computing Machinery (ACM), 2007
- Human selection of mnemonic phrase-based passwords. Published by Association for Computing Machinery (ACM), 2006
- Users are not the enemy. Communications of the ACM, 1999
- Password security. Communications of the ACM, 1979