f secure "key" project
TRANSCRIPT
F-Secure KeyChanging Passwords
Good afternoon! We would like to present our findings and recommendation on the process of changing passwords.
teamSUPER
Nikita Ha KeesLiza
What leads people to change passwords1
What problems they face2
3 How to facilitate the process of changing passwords
In our research we were supposed, first of all, to figure out what motivates people to change their passwords.
Secondly, try to investigate which problems they try to cope with while changing passwords.
Thirdly, come up with ideas how to make the process of changing passwords more convenient and reliable for users.
20 interviews and 14 common problems 4 ideas to validate
> 60 responses 2 solutions approved
10 new ideas =)
The logic of our research is based on finding common problems through the interviews.
After that we analyzed the results and came up with the list of ideas to improve the process of changing passwords.
We conducted the online survey to refute or support the ideas.
It turned out that from the list only 2 ideas were considered as valuable and sensible from the users perspective.
And we continued the list with fresh and eccentric ideas which are not yet validated by users.
Laziness only 30% change
passwords regularly
process is stressful for 50%
not secure and reliable enough for 77%
77% don’t trust the third party and banks
Change passwords automatically
People are lazy to do this or dont see any value and moreover they find this process rather stressful.
That how we came up with the first solution to change passwords automatically.
But in fact this kind of service is not secure and reliable enough for 77%. Moreover it is not applicable for banking services accounts as 77% of people don't trust the third parties to manage their passwords.
system request motivates 58% of respondents
Forgetfulness
only 30% change passwords regularly
64% will change password immediately
Reminder
Another problem we pointed out is that people are forgetful and don't care much about the necessity to change passwords.
And we suggest to mitigate the problem by using a timer reminder for different accounts (in accordance to the level of importance).
Approximately 30% change passwords regularly. That is why the recommendation linked to timer reminder for different accounts is likely to work.
Moreover, one of the incentives to change the password is the request from the system, and after that the feeling of insecurity (58% and 43% respectfully).
Awareness
45% see value in such materials
80% don’t use any tutorial and tips
Educational and promotional program
The third problem we found is a lack of awareness of the necessity to change passwords and security issues, as well as of password managers.
As the result, we suggest to pay attention to SMM as the key tool to promote password managers and educate users about security issues.
Approximately 45% of respondents would see value in such kind of materials.
Newness
Partnership with Aalto
65% use the same or slightly different password
70% don’t use password managers
Most students face the problem to log in different account from the new or public PC.
And our recommendation is to make a partnership with Aalto University. That means to install F secure key on all PC to provide convenient and fast access to all students’ accounts.
But still 65% of respondents use the same easy to remember password for all accounts.
And 70% of respondents dont use password managers. That is why it is rather difficult to make them use Key on public PC.
Representation of passwords
Change one password for all
accounts
Want to change password?
Generate a new string Easily come up with a new password
Get achievements for changing passwords frequently
Congratulations! You’ve just created a new password!
Congratulations! You are more responsible than your friends!
Congratulations! You gained a new title, little spy!
Future is not about passwords
Thank you for attention!
Questions?
Common problemsPeople are lazy to change old and remind new passwords;
They use the same password (variations of the same password for different services) or have several passwords with different complexity in respect to the level of importance of the service;
And yes, they do keep them in the head;
Some people do not know about password managers at all;
For most of people the only one motivation to change passwords is the notification from the system;
Even though some of people do not change the password immediately, but in several days or even weeks;
Most of people feel frustrated and stressful when they have to come up with the password, which meets all the requirements;
Some people do not trust third-party to store and generate passwords.
More problems and solutions
For elderly people - call broker and get password;
Spend much time on finding the place in the interface to change/manage the password;
Does not use auto-fill in a browser as it is insecure;
Very confident while working on his Mac (uses Mac Keys). However that is a problem when trying to use passwords from public place;
I appreciate synchronizing with Dropbox to have a permanent access to all my passwords;
Include subscription fee for password managers or whatever into Internet bill.
Target groups
• Ideas: regular users
• Interviews: 3 interviews with IT-people, other - regular users
• Survey: regular users from Russia, Latvia, Finland, Holland, Vietnam, Germany, France
Interview questions• Does the problem exist? Do you feel a need to improve the
security of your accounts in the Internet? How do you see this improvement?
• How people currently get around the problem? Try to remember last time you changed the password. Describe your motivation and the process of coming up with passwords./ How you decide to change the password for your accounts? What do you like most about the way you change and store your passwords? How busy, hurried, frustrated, stressed you are while changing passwords?
• How appealing is our value proposition/solution? What value do you see in steadily changing passwords? How much time and money are you willing to spend on changing passwords?
SurveyHow often do you change passwords?
What makes you change passwords?
Would you like to use a service that automatically changes your passwords?
How much would you pay for such service?
How would you estimate the value of promotional and educational materials about changing and storing passwords?
Would you change the passwords if you received notifications from the system to change your password immediately?
How stressful, frustrated or angry are you while generating and re-entering new password in context of meeting all requirements?
Would you trust your bank to change your account password automatically?