Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition
Date: September 2013 Publication: Proceedings of the 14th IFIP TC 13 International Conference, INTERACT 2013 Page(s): 460 - 467 Publisher: Springer-Verlag Source 1: http://www.irit.fr/recherches/ICS/events/conferences/interact2013/papers/8119460.pdf Source 2: http://www.researchgate.net/profile/Emanuel_Zezschwitz/publication/261799065_Survival_of_the_Shortest_A_Retrospective_Analysis_of_Influencing_Factors_on_Password_Composition/file/504635358b4be85e4e.pdf Source 3: http://dx.doi.org/10.1007%2F978-3-642-40477-1_28 - Subscription or payment required Abstract or Summary:
In this paper, we investigate the evolutionary change of user-selected passwords. We conducted one-on-one interviews and analyzed the complexity and the diversity of users’ passwords using different analysis tools. By comparing their first-ever created passwords to several of their currently used passwords (e.g. most secure, policy-based), we were able to trace password reuse, password changes and influencing factors on the evolutionary process. Our approach allowed for analyzing security aspects without actually knowing the clear-text passwords. The results reveal that currently used passwords are significantly longer than the participants’ first passwords and that most participants are aware of how to compose strong passwords. However, most users are still using significantly weaker passwords for most services. These weak passwords, often with roots in the very first passwords the users have chosen, apparently survive very well, despite password policies and password meters. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |