how does y our password m easure up
DESCRIPTION
How Does Y our Password M easure Up. The Effect of Strength Meters on Password Creation. Rui Xie. Password Meters. Users could receive feedback when creating password Users could create “STRONG” password by password meters Widely used Different shapes and sizes. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/1.jpg)
HOW DOES YOUR PASSWORD MEASURE UP
The Effect of Strength Meters on Password Creation
Rui Xie
![Page 2: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/2.jpg)
Password Meters• Users could receive feedback when creating password• Users could create “STRONG” password by password
meters• Widely used• Different shapes and sizes
![Page 3: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/3.jpg)
Primary Research Questions• The affection of password on:
• Composition• Guessability• Creation Process• Memorability• User Sentiment
• Important elements of meter design
![Page 4: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/4.jpg)
Methodology• 2931 participants online study• Between-subjects design• Study in 2 parts, last 2 more days
• Part 1: create a password and take a survey about creation(48hours)
• Part 2: re-enter password and answer a survey on remembering password
![Page 5: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/5.jpg)
Conditions• Control conditions
• Visual differences
• Scoring differences
• Both Visual & Scoring differences
![Page 6: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/6.jpg)
Control Conditions• Conditions to which all others were compared
• No meter: no feedback
• Baseline meter: stand password meter
![Page 7: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/7.jpg)
Visual Differences• Three-segment• Green• Tiny• Huge• No suggestions• Text-only• Bunny condition
![Page 8: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/8.jpg)
Scoring differences• Half-score• One-third-score• Nudge-16• Nudge-comp8
![Page 9: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/9.jpg)
Visual & Scoring differences• Text-only-half• Bold-text-only-half
![Page 10: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/10.jpg)
Stringent Meters• Half-score
• One-third-score
• Text-only-half
• Bold text-only-half
![Page 11: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/11.jpg)
Metrics for Results• Composition
• Guessability
• Creation process
• Memorability
• Sentiment
![Page 12: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/12.jpg)
Composition• Password length
![Page 13: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/13.jpg)
Guessability• Threat model: offline attack• Weak adversary: 500 million guesses• Medium adversary: 50 billion guesses • Strong adversary: 5 trillion guesses
![Page 14: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/14.jpg)
Results of Guessability (Visual)
![Page 15: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/15.jpg)
Results of Guessability (Scoring)
![Page 16: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/16.jpg)
Results of Guessability (Stringent)
![Page 17: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/17.jpg)
Process of Creating Password• Time of creating password• Changing mind during creating password
Time of creating password Change mind
![Page 18: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/18.jpg)
Memorability• After 5 minutes still remember and 2 days later has the
same effect• Return rate• Write password down or use electronic devices to record
it
![Page 19: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/19.jpg)
Sentiment• Different level of agreement with 14 statements on
password creation and password meter• Results
• Stringent meters a bit more annoying• Stringent meters violate expections
![Page 20: How Does Y our Password M easure Up](https://reader036.vdocuments.mx/reader036/viewer/2022062315/56816641550346895dd9b273/html5/thumbnails/20.jpg)
Meters Matter• Meters leads to longer password• Stringent meters reduce guessability• Memorability will not be affect by maters• Overly stringent meters don’t add benefits