Download - How Does Y our Password M easure Up
![Page 1: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/1.jpg)
HOW DOES YOUR PASSWORD MEASURE UP
The Effect of Strength Meters on Password Creation
Rui Xie
![Page 2: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/2.jpg)
Password Meters• Users could receive feedback when creating password• Users could create “STRONG” password by password
meters• Widely used• Different shapes and sizes
![Page 3: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/3.jpg)
Primary Research Questions• The affection of password on:
• Composition• Guessability• Creation Process• Memorability• User Sentiment
• Important elements of meter design
![Page 4: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/4.jpg)
Methodology• 2931 participants online study• Between-subjects design• Study in 2 parts, last 2 more days
• Part 1: create a password and take a survey about creation(48hours)
• Part 2: re-enter password and answer a survey on remembering password
![Page 5: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/5.jpg)
Conditions• Control conditions
• Visual differences
• Scoring differences
• Both Visual & Scoring differences
![Page 6: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/6.jpg)
Control Conditions• Conditions to which all others were compared
• No meter: no feedback
• Baseline meter: stand password meter
![Page 7: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/7.jpg)
Visual Differences• Three-segment• Green• Tiny• Huge• No suggestions• Text-only• Bunny condition
![Page 8: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/8.jpg)
Scoring differences• Half-score• One-third-score• Nudge-16• Nudge-comp8
![Page 9: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/9.jpg)
Visual & Scoring differences• Text-only-half• Bold-text-only-half
![Page 10: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/10.jpg)
Stringent Meters• Half-score
• One-third-score
• Text-only-half
• Bold text-only-half
![Page 11: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/11.jpg)
Metrics for Results• Composition
• Guessability
• Creation process
• Memorability
• Sentiment
![Page 12: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/12.jpg)
Composition• Password length
![Page 13: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/13.jpg)
Guessability• Threat model: offline attack• Weak adversary: 500 million guesses• Medium adversary: 50 billion guesses • Strong adversary: 5 trillion guesses
![Page 14: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/14.jpg)
Results of Guessability (Visual)
![Page 15: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/15.jpg)
Results of Guessability (Scoring)
![Page 16: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/16.jpg)
Results of Guessability (Stringent)
![Page 17: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/17.jpg)
Process of Creating Password• Time of creating password• Changing mind during creating password
Time of creating password Change mind
![Page 18: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/18.jpg)
Memorability• After 5 minutes still remember and 2 days later has the
same effect• Return rate• Write password down or use electronic devices to record
it
![Page 19: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/19.jpg)
Sentiment• Different level of agreement with 14 statements on
password creation and password meter• Results
• Stringent meters a bit more annoying• Stringent meters violate expections
![Page 20: How Does Y our Password M easure Up](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/20.jpg)
Meters Matter• Meters leads to longer password• Stringent meters reduce guessability• Memorability will not be affect by maters• Overly stringent meters don’t add benefits