HOW DOES YOUR PASSWORD MEASURE UP
The Effect of Strength Meters on Password Creation
Rui Xie

Post on 24-Feb-2016

Password Meters
• Users could receive feedback when creating a password
• Users could create a “STRONG” password with password meters
• Widely used
• Different shapes and sizes

Primary Research Questions
• The effect of password meters on:
  • Composition
  • Guessability
  • Creation Process
  • Memorability
  • User Sentiment
• Important elements of meter design

Methodology
• Online study with 2931 participants
• Between-subjects design
• Study in 2 parts, last 2 more days
  • Part 1: create a password and take a survey about creation (48 hours)
  • Part 2: re-enter the password and answer a survey on remembering the password

Conditions
• Control conditions
• Visual differences
• Scoring differences
• Both Visual & Scoring differences

Control Conditions
• Conditions to which all others were compared
• No meter: no feedback
• Baseline meter: standard password meter

Visual Differences
• Three-segment
• Green
• Tiny
• Huge
• No suggestions
• Text-only
• Bunny condition

Scoring differences
• Half-score
• One-third-score
• Nudge-16
• Nudge-comp8

Visual & Scoring differences
• Text-only-half
• Bold-text-only-half

Stringent Meters
• Half-score
• One-third-score
• Text-only-half
• Bold text-only-half

Metrics for Results
• Composition
• Guessability
• Creation process
• Memorability
• Sentiment

Composition
• Password length

Guessability
• Threat model: offline attack
• Weak adversary: 500 million guesses
• Medium adversary: 50 billion guesses
• Strong adversary: 5 trillion guesses

Results of Guessability (Visual)

Results of Guessability (Scoring)

Results of Guessability (Stringent)

Process of Creating Password
• Time of creating password
• Changing mind while creating password

[Figure panels: Time of creating password; Change mind]

Memorability
• After 5 minutes still remember and 2 days later has the same effect
• Return rate
• Write password down or use electronic devices to record it

Sentiment
• Different levels of agreement with 14 statements on password creation and password meters
• Results
  • Stringent meters a bit more annoying
  • Stringent meters violate expectations

Meters Matter
• Meters lead to longer passwords
• Stringent meters reduce guessability
• Memorability will not be affected by meters
• Overly stringent meters don’t add benefits