Upload File

Download - How Does Y our Password M easure Up

Transcript
Page 1: How Does Y our Password M easure Up

HOW DOES YOUR PASSWORD MEASURE UP

The Effect of Strength Meters on Password Creation

Rui Xie

Page 2: How Does Y our Password M easure Up

Password Meters• Users could receive feedback when creating password• Users could create “STRONG” password by password

meters• Widely used• Different shapes and sizes

Page 3: How Does Y our Password M easure Up

Primary Research Questions• The affection of password on:

• Composition• Guessability• Creation Process• Memorability• User Sentiment

• Important elements of meter design

Page 4: How Does Y our Password M easure Up

Methodology• 2931 participants online study• Between-subjects design• Study in 2 parts, last 2 more days

• Part 1: create a password and take a survey about creation(48hours)

• Part 2: re-enter password and answer a survey on remembering password

Page 5: How Does Y our Password M easure Up

Conditions• Control conditions

• Visual differences

• Scoring differences

• Both Visual & Scoring differences

Page 6: How Does Y our Password M easure Up

Control Conditions• Conditions to which all others were compared

• No meter: no feedback

• Baseline meter: stand password meter

Page 7: How Does Y our Password M easure Up

Visual Differences• Three-segment• Green• Tiny• Huge• No suggestions• Text-only• Bunny condition

Page 8: How Does Y our Password M easure Up

Scoring differences• Half-score• One-third-score• Nudge-16• Nudge-comp8

Page 9: How Does Y our Password M easure Up

Visual & Scoring differences• Text-only-half• Bold-text-only-half

Page 10: How Does Y our Password M easure Up

Stringent Meters• Half-score

• One-third-score

• Text-only-half

• Bold text-only-half

Page 11: How Does Y our Password M easure Up

Metrics for Results• Composition

• Guessability

• Creation process

• Memorability

• Sentiment

Page 12: How Does Y our Password M easure Up

Composition• Password length

Page 13: How Does Y our Password M easure Up

Guessability• Threat model: offline attack• Weak adversary: 500 million guesses• Medium adversary: 50 billion guesses • Strong adversary: 5 trillion guesses

Page 14: How Does Y our Password M easure Up

Results of Guessability (Visual)

Page 15: How Does Y our Password M easure Up

Results of Guessability (Scoring)

Page 16: How Does Y our Password M easure Up

Results of Guessability (Stringent)

Page 17: How Does Y our Password M easure Up

Process of Creating Password• Time of creating password• Changing mind during creating password

Time of creating password Change mind

Page 18: How Does Y our Password M easure Up

Memorability• After 5 minutes still remember and 2 days later has the

same effect• Return rate• Write password down or use electronic devices to record

it

Page 19: How Does Y our Password M easure Up

Sentiment• Different level of agreement with 14 statements on

password creation and password meter• Results

• Stringent meters a bit more annoying• Stringent meters violate expections

Page 20: How Does Y our Password M easure Up

Meters Matter• Meters leads to longer password• Stringent meters reduce guessability• Memorability will not be affect by maters• Overly stringent meters don’t add benefits


Top Related

ID Password FUND PASSWORD作成・登録kasooutsuuka.up.seesaa.net/image/EUNEX2019.03.20.pdf · Login Password Login Password Fund Password Password for withdrawing and trading assets
ID Password FUND PASSWORD作成・登録kasooutsuuka.up.seesaa.net/image/EUNEX2019.03.20.pdf · Login Password Login Password Fund Password Password for withdrawing and trading assets
Size doeS matter - ElcomSoft€¦ · Size doeS matter: advantageS of diStributed paSSword recovery whitepaper 9 tIMe Is Money Having made out what the passwords are and what are the
Size doeS matter - ElcomSoft€¦ · Size doeS matter: advantageS of diStributed paSSword recovery whitepaper 9 tIMe Is Money Having made out what the passwords are and what are the
Exploring Antennas Van Warren AE5CC. Exploring Antennas: Pattern D esign S imulate M easure R efine
Exploring Antennas Van Warren AE5CC. Exploring Antennas: Pattern D esign S imulate M easure R efine
-EASURE WHATISMEASURABLE ANDMAKEMEASURABLE … · -EASURE WHATISMEASURABLE ANDMAKEMEASURABLE THATWHICHISNOT 'ALILEO'ALILEI Instruction Manual DMA 4500/5000 Density/Specific Gravity/Concentration
-EASURE WHATISMEASURABLE ANDMAKEMEASURABLE … · -EASURE WHATISMEASURABLE ANDMAKEMEASURABLE THATWHICHISNOT 'ALILEO'ALILEI Instruction Manual DMA 4500/5000 Density/Specific Gravity/Concentration
EASURE H ALL AIL BOX EASURE ALL DIVERSE S …...complicated manner, but just the funda-mental basics. Simply put, go to class and communicate. Showing up just when the sylla-bus says
EASURE H ALL AIL BOX EASURE ALL DIVERSE S …...complicated manner, but just the funda-mental basics. Simply put, go to class and communicate. Showing up just when the sylla-bus says
Size doeS matter - ElcomSoft › WP › advantages_of_distributed...Size doeS matter: advantageS of diStributed paSSword recovery whitepaper 4 Loss oF ACCess – DAILy MAtteR Obviously,
Size doeS matter - ElcomSoft › WP › advantages_of_distributed...Size doeS matter: advantageS of diStributed paSSword recovery whitepaper 4 Loss oF ACCess – DAILy MAtteR Obviously,
A Self-Concept M easure of Personality G row th: Self-Concept M aturity
A Self-Concept M easure of Personality G row th: Self-Concept M aturity
Password Management Solution (ILANTUS Xpress Password)
Password Management Solution (ILANTUS Xpress Password)