Upload File

Download - How Does Y our Password M easure Up

Transcript
Page 1: How Does Y our Password M easure Up

HOW DOES YOUR PASSWORD MEASURE UP

The Effect of Strength Meters on Password Creation

Rui Xie

Page 2: How Does Y our Password M easure Up

Password Meters• Users could receive feedback when creating password• Users could create “STRONG” password by password

meters• Widely used• Different shapes and sizes

Page 3: How Does Y our Password M easure Up

Primary Research Questions• The affection of password on:

• Composition• Guessability• Creation Process• Memorability• User Sentiment

• Important elements of meter design

Page 4: How Does Y our Password M easure Up

Methodology• 2931 participants online study• Between-subjects design• Study in 2 parts, last 2 more days

• Part 1: create a password and take a survey about creation(48hours)

• Part 2: re-enter password and answer a survey on remembering password

Page 5: How Does Y our Password M easure Up

Conditions• Control conditions

• Visual differences

• Scoring differences

• Both Visual & Scoring differences

Page 6: How Does Y our Password M easure Up

Control Conditions• Conditions to which all others were compared

• No meter: no feedback

• Baseline meter: stand password meter

Page 7: How Does Y our Password M easure Up

Visual Differences• Three-segment• Green• Tiny• Huge• No suggestions• Text-only• Bunny condition

Page 8: How Does Y our Password M easure Up

Scoring differences• Half-score• One-third-score• Nudge-16• Nudge-comp8

Page 9: How Does Y our Password M easure Up

Visual & Scoring differences• Text-only-half• Bold-text-only-half

Page 10: How Does Y our Password M easure Up

Stringent Meters• Half-score

• One-third-score

• Text-only-half

• Bold text-only-half

Page 11: How Does Y our Password M easure Up

Metrics for Results• Composition

• Guessability

• Creation process

• Memorability

• Sentiment

Page 12: How Does Y our Password M easure Up

Composition• Password length

Page 13: How Does Y our Password M easure Up

Guessability• Threat model: offline attack• Weak adversary: 500 million guesses• Medium adversary: 50 billion guesses • Strong adversary: 5 trillion guesses

Page 14: How Does Y our Password M easure Up

Results of Guessability (Visual)

Page 15: How Does Y our Password M easure Up

Results of Guessability (Scoring)

Page 16: How Does Y our Password M easure Up

Results of Guessability (Stringent)

Page 17: How Does Y our Password M easure Up

Process of Creating Password• Time of creating password• Changing mind during creating password

Time of creating password Change mind

Page 18: How Does Y our Password M easure Up

Memorability• After 5 minutes still remember and 2 days later has the

same effect• Return rate• Write password down or use electronic devices to record

it

Page 19: How Does Y our Password M easure Up

Sentiment• Different level of agreement with 14 statements on

password creation and password meter• Results

• Stringent meters a bit more annoying• Stringent meters violate expections

Page 20: How Does Y our Password M easure Up

Meters Matter• Meters leads to longer password• Stringent meters reduce guessability• Memorability will not be affect by maters• Overly stringent meters don’t add benefits


Top Related

2nd Quarter 2013 - Functional Pathwaysfunctionalpathways.com/static/newsletters/Employee...If your computer, laptop, netbook or iPad does not have a password and a password protected
2nd Quarter 2013 - Functional Pathwaysfunctionalpathways.com/static/newsletters/Employee...If your computer, laptop, netbook or iPad does not have a password and a password protected
How to change cloud email password. - W3infotech€¦ · Change Password Webmail Password Old Password Kuwait, Riyadh New ail Address Confirm Passwnord iri@gmail.com The new password
How to change cloud email password. - W3infotech€¦ · Change Password Webmail Password Old Password Kuwait, Riyadh New ail Address Confirm Passwnord [email protected] The new password
MS Excel password recovery to crack XLSX password & Recovery Excel password
MS Excel password recovery to crack XLSX password & Recovery Excel password
-EASURE WHATISMEASURABLE ANDMAKEMEASURABLE …€¦ · -EASURE WHATISMEASURABLE ANDMAKEMEASURABLE ... "Maintenance/Error Report" and ... The measurement principle of AMVn is the rolling
-EASURE WHATISMEASURABLE ANDMAKEMEASURABLE …€¦ · -EASURE WHATISMEASURABLE ANDMAKEMEASURABLE ... "Maintenance/Error Report" and ... The measurement principle of AMVn is the rolling
Size doeS matter - ElcomSoft€¦ · Size doeS matter: advantageS of diStributed paSSword recovery whitepaper 9 tIMe Is Money Having made out what the passwords are and what are the
Size doeS matter - ElcomSoft€¦ · Size doeS matter: advantageS of diStributed paSSword recovery whitepaper 9 tIMe Is Money Having made out what the passwords are and what are the
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation · How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation Blase
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation · How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation Blase
vRealize Suite 2017 - VMware Docs Home If the root password does not contain a sha512 hash, run the passwd command to set a new password. vRealize Suite Lifecycle Manager 1.x Security
vRealize Suite 2017 - VMware Docs Home If the root password does not contain a sha512 hash, run the passwd command to set a new password. vRealize Suite Lifecycle Manager 1.x Security
M ESH S IMPLIFICATION V IA A V OLUME C OST M EASURE
M ESH S IMPLIFICATION V IA A V OLUME C OST M EASURE