Diversify to Survive: Making Passwords Stronger with Adaptive Policies
Authors
Abstract
Password-composition policies are intended to increase resistance to guessing attacks by requiring certain features (e.g., a minimum length and the inclusion of a digit). Sadly, they often result in users’ passwords exhibiting new, yet still predictable, patterns. In this paper, we investigate the usability and security of adaptive password-composition policies, which dynamically change password requirements over time as users create new passwords. We conduct a 2,619-participant between-subjects online experiment to evaluate the strength and usability of passwords created with two adaptive password policies. We also design and test a feedback system that guides users to successfully create a password conforming to these policies. We find that a well-configured, structure-based adaptive password policy can significantly increase password strength with little to no decrease in usability. We discuss how system administrators can use these results to improve password diversity.
Similar resources
Creating Usable Policies for Stronger Passwords with MTurk
People are living increasingly large swaths of their lives through their online accounts. These accounts are brimming with sensitive data, and they are often protected only by a text password. Attackers can break into service providers and steal the hashed password files that store users’ passwords. This lets attackers make a large number of guesses to crack users’ passwords. The stronger a pas...
A Large-Scale Evaluation of High-Impact Password Strength Meters
Passwords are ubiquitous in our daily digital lives. They protect various types of assets ranging from a simple account on an online newspaper website to our health information on government websites. However, due to the inherent value they protect, attackers have developed insights into cracking/guessing passwords both offline and online. In many cases, users are forced to choose stronger pass...
A Novel Web-based Approach for Balancing Usability and Security Requirements of Text Passwords
Many Internet applications, for example e-commerce or email services, require that users create a username and password which serves as an authentication mechanism. Though text passwords have been around for a while, not much has been done in helping naive Internet users in creating strong passwords. Generally users prefer easy-to-remember passwords, but service providers prefer that users use a ...
Influencing Self-Selected Passwords Through Suggestions and the Decoy Effect
We present results from an online experiment with the goal of nudging users towards stronger passwords. We explored the effect of suggesting different variations and constellations of passwords during password selection. In particular, we investigated whether the decoy effect can be applied here: When people face a choice between two options, adding a third, unfavorable option can influence the...
Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition
In this paper, we investigate the evolutionary change of user-selected passwords. We conducted one-on-one interviews and analyzed the complexity and the diversity of users’ passwords using different analysis tools. By comparing their first-ever created passwords to several of their currently used passwords (e.g. most secure, policy-based), we were able to trace password reuse, password changes ...