Proceedings of the SIGCHI Conference on Human Factors in Computing Systems 2013
DOI: 10.1145/2470654.2481329
|View full text |Cite
|
Sign up to set email alerts
|

Does my password go up to eleven?

Abstract: Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. We observed that the presence of meters yielded significantly stronger passwords. We performed a followup field experiment to test a different scenario: creating a password for an unimportant account. … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

2
35
0

Year Published

2014
2014
2019
2019

Publication Types

Select...
5
1
1

Relationship

0
7

Authors

Journals

citations
Cited by 132 publications
(37 citation statements)
references
References 19 publications
2
35
0
Order By: Relevance
“…For example, activating Login Approvals would require people to spend an extra few seconds every time they "logged in" to their Facebook accounts. Taken together with the previous finding that people generally only enact security and privacy related behavior change after personally experiencing or hearing about a threat [9], and Egelman and colleagues' finding that a "peer pressure" password meter did not raise people's motivation to create stronger passwords relative to a non-social password meter [14], we expected that, in the short term, there would be no difference in security feature adoption rate among those who view social and non-social announcements.…”
Section: Hypothesessupporting
confidence: 58%
See 2 more Smart Citations
“…For example, activating Login Approvals would require people to spend an extra few seconds every time they "logged in" to their Facebook accounts. Taken together with the previous finding that people generally only enact security and privacy related behavior change after personally experiencing or hearing about a threat [9], and Egelman and colleagues' finding that a "peer pressure" password meter did not raise people's motivation to create stronger passwords relative to a non-social password meter [14], we expected that, in the short term, there would be no difference in security feature adoption rate among those who view social and non-social announcements.…”
Section: Hypothesessupporting
confidence: 58%
“…Taken together, all this prior work strongly suggests that increasing the observability of friends' security feature use can heighten people's security sensitivity, though Egelman and colleagues' [14] null result with their peer pressure password meter suggests that the specificity and framing of social information may moderate its effect. To test these conjectures, in this work, we sought to answer the following questions: (1) Does increasing the observability of security feature usage drive the exploration and adoption of security features?…”
Section: Introductionmentioning
confidence: 96%
See 1 more Smart Citation
“…Florencio and Herley (2007:657) found that the average computer user has 25 password-protected accounts. As the use of password-protected systems increases, the usability of the passwords decease as human memory limitations place a strain on the memory of computer users who have to remember their numerous passwords to access these systems (Chiasson & Biddle 2007:1;Egelman et al 2013). With more systems and services requiring users to identify and authenticate themselves online, the desire to select memorable passwords only increases as the number of passwords required increases.…”
Section: The Responsibility Of the Computer Usermentioning
confidence: 99%
“…With more systems and services requiring users to identify and authenticate themselves online, the desire to select memorable passwords only increases as the number of passwords required increases. Even more disconcerting is the enforced lifetime policies and composition characteristics that in isolation (user and system) leads to stronger passwords, but at user level often leads to multiple uses of the same password (Egelman et al 2013), thereby increasing risk. Notoatmodjo and Thomborson (2009:71) refer to computer users suffering from 'password overload' and suggest that this is a major contributor to unsafe password practices.…”
Section: The Responsibility Of the Computer Usermentioning
confidence: 99%