Sciweavers

SOUPS
2010
ACM

Encountering stronger password requirements: user attitudes and behaviors

14 years 4 months ago
Encountering stronger password requirements: user attitudes and behaviors
Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the Carnegie Mellon University (CMU) computing services password policy that required users to change their passwords. Through our survey of 470 CMU computer users, we collected data about behaviors and practices related to the use and creation of passwords. We also captured users’ opinions about the new, stronger policy requirements. Our analysis shows that, although most of the users were annoyed by the need to create a complex password, they believe that they are now more secure. Furthermore, we perform an entropy analysis and discuss how our findings relate to NIST† recommendations for creating a password policy. We also examine how users answer specific questions related to their passwords. Our results can be helpful in designing better password policies that consider not only technical aspects...
Richard Shay, Saranga Komanduri, Patrick Gage Kell
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2010
Where SOUPS
Authors Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor
Comments (0)