How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
Date: August 2012 Publication: Proceedings of the 21st USENIX Conference on Security Symposium, Security '12 Publisher: USENIX Source 1: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final209.pdf Source 2: http://www.ece.cmu.edu/~lbauer/papers/2012/usenix2012-meters.pdf Source 3: http://www.blaseur.com/papers/sec12_pwmeters_paper.pdf Abstract or Summary:
To help users create stronger text-based passwords, many web sites have deployed password meters that provide visual feedback on password strength. Although these meters are in wide use, their effects on the security and usability of passwords have not been well studied. We present a 2,931-subject study of password creation in the presence of 14 password meters. We found that meters with a variety of visual appearances led users to create longer passwords. However, significant increases in resistance to a password-cracking algorithm were only achieved using meters that scored passwords stringently. These stringent meters also led participants to include more digits, symbols, and uppercase letters. Password meters also affected the act of password creation. Participants who saw stringent meters spent longer creating their password and were more likely to change their password while entering it, yet they were also more likely to find the password meter annoying. However, the most stringent meter and those without visual bars caused participants to place less importance on satisfying the meter. Participants who saw more lenient meters tried to fill the meter and were averse to choosing passwords a meter deemed “bad” or “poor.” Our findings can serve as guidelines for administrators seeking to nudge users towards stronger passwords. PasswordResearch.com Note: Additional authors listed for this paper: Timothy Passaro, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor
Presentation video and audio: https://www.usenix.org/conference/usenixsecurity12/how-does-your-password-measure-effect-strength-meters-password-creation
Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |