Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems 2017
DOI: 10.1145/3025453.3026050

Design and Evaluation of a Data-Driven Password Meter

Abstract: Despite their ubiquity, many password meters provide inaccurate strength estimates. Furthermore, they do not explain to users what is wrong with their password or how to improve it. We describe the development and evaluation of a data-driven password meter that provides accurate strength measurement and actionable, detailed feedback to users. This meter combines neural networks and numerous carefully combined heuristics to score passwords and generate data-driven text feedback about the user's password. We des…

Cited by 106 publications (105 citation statements)
References 28 publications
“…The findings align with other recent work in the domain, most notably a study from Segreti et al (2017) that presents adaptive password creation policies that can dynamically change the requirements over time and a study from Ur et al (2017), with a password meter offering real-time feedback and advice to help users refine their password choices. As with Experiment 2, the principle here is not to just indicate that a password is weak, but to explain why and (importantly) what to do in order to improve it.…”
Section: Findings and Implications (supporting)
confidence: 88%
“…This paucity of knowledge contrasts with the large and rich literature investigating the design of warnings and notifications about other security-critical tasks, including detecting phishing [11,53], TLS-protected browsing [2,15], malware [6,7], and two-factor authentication (2FA) [48]. Many studies have aimed to help users make better passwords [12,40,59] or measured the prevalence of password reuse [10,32,46,57]. This paper is the first to explore how to inform users about situations caused by password reuse and help them recover from the resultant consequences.…”
Section: Introduction (mentioning)
confidence: 99%
“…Password meters are helpful in this area but are not sufficient. Researchers have found that a data-driven meter with detailed feedback leads users to create more secure and, just as importantly, passwords that are equally memorable [23]. Furthermore, NIST's current publication requires that users who select a blacklisted password should be advised to select another one: 'If the chosen secret is found in the list, the CSP or verifier SHALL advise the subscriber that they need to select a different secret' [39].…”
Section: Feedback (mentioning)
confidence: 99%