Does My Password Go Up to Eleven? The Impact of Password Meters on Password Selection
Author(s): Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, Cormac Herley

Date: April 2013
Publication: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '13
Page(s): 2379 - 2388
Publisher: ACM
Source 1: http://research.microsoft.com/pubs/192108/chi13b.pdf
Source 2: http://www.guanotronic.com/~serge/papers/chi13b.pdf
Source 3: http://dx.doi.org/10.1145/2470654.2481329 - Subscription or payment required

Abstract or Summary:
Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. We observed that the presence of meters yielded significantly stronger passwords. We performed a followup field experiment to test a different scenario: creating a password for an unimportant account. In this scenario, we found that the meters made no observable difference: participants simply reused weak passwords that they used to protect similar low-risk accounts. We conclude that meters result in stronger passwords when users are forced to change existing passwords on "important" accounts and that individual meter design decisions likely have a marginal impact.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com