Given the widespread use of password authentication in online correspondence, subscription services, and shopping, there is growing concern about identity theft. When people reuse their passwords across multiple accounts, they increase their vulnerability; compromising one password can help an attacker take over several accounts. Our study of 49 undergraduates quantifies how many passwords they had and how often they reused these passwords. The majority of users had three or fewer passwords and passwords were reused twice. Furthermore, over time, password reuse rates increased because people accumulated more accounts but did not create more passwords. Users justified their habits. While they wanted to protect financial data and personal communication, reusing passwords made passwords easier to manage. Users visualized threats from human attackers, particularly viewing those close to them as the most motivated and able attackers; however, participants did not separate the human attackers from their potentially automated tools. They sometimes failed to realize that personalized passwords such as phone numbers can be cracked given a large enough dictionary and enough tries. We discuss how current systems support poor password practices. We also present potential changes in website authentication systems and password managers.