Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the Carnegie Mellon University (CMU) computing services password policy that required users to change their passwords. Through our survey of 470 CMU computer users, we collected data about behaviors and practices related to the use and creation of passwords. We also captured users' opinions about the new, stronger policy requirements. Our analysis shows that, although most of the users were annoyed by the need to create a complex password, they believe that they are now more secure. Furthermore, we perform an entropy analysis and discuss how our findings relate to NIST recommendations for creating a password policy. We also examine how users answer specific questions related to their passwords. Our results can be helpful in designing better password policies that consider not only technical aspects of specific policy rules, but also users' behavior in response to those rules.