Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition
Date: September 2013
Publication: Proceedings of the 14th IFIP TC 13 International Conference, INTERACT 2013
Page(s): 460 - 467
Source 1: http://www.irit.fr/recherches/ICS/events/conferences/interact2013/papers/8119460.pdf
Source 2: http://www.researchgate.net/profile/Emanuel_Zezschwitz/publication/261799065_Survival_of_the_Shortest_A_Retrospective_Analysis_of_Influencing_Factors_on_Password_Composition/file/504635358b4be85e4e.pdf
Source 3: http://dx.doi.org/10.1007%2F978-3-642-40477-1_28 - Subscription or payment required
Abstract or Summary:
In this paper, we investigate the evolutionary change of user-selected passwords. We conducted one-on-one interviews and analyzed the complexity and the diversity of usersí passwords using different analysis tools. By comparing their first-ever created passwords to several of their currently used passwords (e.g. most secure, policy-based), we were able to trace password reuse, password changes and influencing factors on the evolutionary process. Our approach allowed for analyzing security aspects without actually knowing the clear-text passwords. The results reveal that currently used passwords are significantly longer than the participantsí first passwords and that most participants are aware of how to compose strong passwords. However, most users are still using significantly weaker passwords for most services. These weak passwords, often with roots in the very first passwords the users have chosen, apparently survive very well, despite password policies and password meters.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.