Everything but the User: Reducing Password Reuse
Date: November 19 2018
Publication: PasswordsCon 2018 Stockholm
Source 1: https://mirandawei.com/assets/passwords18-slides.pdf
Abstract or Summary:
Every day, attackers exploit password reuse to breach accounts, costing users and service providers dearly. Conventional wisdom blames users for choosing and reusing easily cracked passwords. However, a complete analysis of the password reuse ecosystem reveals a convoluted situation. While it's true that users poorly understand the risks of reusing passwords, nonsensical password composition policies and confusing notifications further sustain the problem.
This talk argues that reducing password reuse requires solutions going far beyond telling users to not reuse passwords. Reflecting on insights from user studies and qualitative research, I present best practices for designing password-reuse notifications and pose criteria for any potential solutions hoping to ameliorate password reuse.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=9X0Ev2RJeTM
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.