Improving Text Passwords Through Persuasion
Date: July 2008
Publication: Proceedings of the 4th Symposium on Usable Privacy and Security SOUPS '08
Page(s): 1 - 12
Source 1: http://cups.cs.cmu.edu/soups/2008/proceedings/p1Forget.pdf
Source 2: http://dl.acm.org/citation.cfm?id=1408666 - Subscription or payment required
Abstract or Summary:
Password restriction policies and advice on creating secure passwords have limited effects on password strength. Influencing
users to create more secure passwords remains an open problem. We have developed Persuasive Text Passwords (PTP), a text password creation system which leverages Persuasive Technology principles to influence users in creating more secure passwords without sacrificing usability. After users choose a password during creation, PTP improves its security by placing randomly-chosen characters at random positions into the password. Users may shuffle to be presented with randomly-chosen and positioned characters until they find a combination they feel is memorable. In this paper, we present an 83-participant user study testing four PTP variations. Our results show that the PTP variations significantly improved the security of users’ passwords. We also found that those participants who had a high number
of random characters placed into their passwords would deliberately choose weaker pre-improvement passwords to compensate for the memory load. As a consequence of this compensatory behaviour, there was a limit to the gain in password security achieved by PTP.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.