The security of many computer systems hinges on the secrecy of a single word: if an adversary obtains knowledge of a password, they will gain access to the resources controlled by this password. Human users are the 'weakest link' in password control, due to our propensity to reuse passwords and to create weak ones. Policies which forbid such unsafe password practices are often violated, even if these policies are well-advertised. We have studied how users perceive their accounts and their passwords. Our participants mentally classified their accounts and passwords into a few groups, based on a small number of perceived similarities. Our participants used stronger passwords, and reused passwords less, in account groups which they considered more important. Our participants thus demonstrated awareness of the basic tenets of password safety, but they did not behave safely in all respects. Almost half of our participants reused at least one of the passwords in their high-importance accounts. Our findings add to the body of evidence that a typical computer user suffers from 'password overload'. Our concepts of password and account grouping point the way toward more intuitive user interfaces for password- and account-management systems.