How Does Y our Password M easure Up - PowerPoint PPT Presentation

tanika
how does y our password m easure up n.
Skip this Video
Loading SlideShow in 5 Seconds..
How Does Y our Password M easure Up PowerPoint Presentation
Download Presentation
How Does Y our Password M easure Up

play fullscreen
1 / 20
Download Presentation
How Does Y our Password M easure Up
93 Views
Download Presentation

How Does Y our Password M easure Up

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. How Does Your Password Measure Up The Effect of Strength Meters on Password Creation Rui Xie

  2. Password Meters • Users could receive feedback when creating password • Users could create “STRONG” password by password meters • Widely used • Different shapes and sizes

  3. Primary Research Questions • The affection of password on: • Composition • Guessability • Creation Process • Memorability • User Sentiment • Important elements of meter design

  4. Methodology • 2931 participants online study • Between-subjects design • Study in 2 parts, last 2 more days • Part 1: create a password and take a survey about creation(48hours) • Part 2: re-enter password and answer a survey on remembering password

  5. Conditions • Control conditions • Visualdifferences • Scoringdifferences • Both Visual & Scoringdifferences

  6. Control Conditions • Conditions to which all others were compared • No meter: no feedback • Baseline meter: stand password meter

  7. Visual Differences • Three-segment • Green • Tiny • Huge • No suggestions • Text-only • Bunny condition

  8. Scoring differences • Half-score • One-third-score • Nudge-16 • Nudge-comp8

  9. Visual & Scoring differences • Text-only-half • Bold-text-only-half

  10. Stringent Meters • Half-score • One-third-score • Text-only-half • Bold text-only-half

  11. Metrics for Results • Composition • Guessability • Creation process • Memorability • Sentiment

  12. Composition • Password length

  13. Guessability • Threat model: offline attack • Weak adversary: 500 million guesses • Medium adversary: 50 billion guesses  • Strong adversary: 5 trillion guesses

  14. Results of Guessability (Visual)

  15. Results of Guessability (Scoring)

  16. Results of Guessability (Stringent)

  17. Process of Creating Password • Time of creating password • Changing mind during creating password Time of creating password Change mind

  18. Memorability • After 5 minutes still remember and 2 days later has the same effect • Return rate • Write password down or use electronic devices to record it

  19. Sentiment • Different level of agreement with 14 statements on password creation and password meter • Results • Stringent meters a bit more annoying • Stringent meters violate expections

  20. Meters Matter • Meters leads to longer password • Stringent meters reduce guessability • Memorability will not be affect by maters • Overly stringent meters don’t add benefits