Password Management Strategies for Online Accounts Shirley Gaw
- Slides: 38
Password Management Strategies for Online Accounts Shirley Gaw, Edward W. Felten Princeton University
Abstract Average number of unique passwords 3. 31 (n = 49, SD = 1. 76) …and average reuse 3. 18 (SD = 2. 71) People will reuse passwords more as they acquire more accounts
Abstract (continued) Why reuse? The reused ones were easier to remember People rely on their memory rather than store passwords
Abstract (continued) Friends have the greatest ability to attack passwords Participants ranked those closest to them as having the greatest ability to compromise their passwords
Abstract (continued) Knowing personal information about a victim was seen as advantageous People worry more about human guessing than automated guessing tools
Outline People will. Password reuse passwords Reuse more as they acquire more accounts People rely on their memory rather Reasons Reuse than storefor passwords Participants ranked those closest to Perceptions Attackers them as having theof greatest ability to compromise their passwords People worry more about human Perceptions Attacks guessingofthan automated guessing tools
Participants 18 16 58 49 40 33
Outline • Password Reuse • Reasons for Reuse • Perceptions of Attackers • Perceptions of Attack
Password Reuse: Method First Pass: (n = 49) • Select from 139 websites • Login to each website • Self-report summary statistics Second Pass: • List other websites used personally • Re-report summary statistics
Password Reuse: Results Unique passwords M = 3. 31, SD = 1. 76 (n = 49) Passwords reuse rate M = 3. 18, SD = 2. 71
Password Reuse: Results People will reuse passwords more as they acquire more accounts
Outline • Password Reuse • Reasons for Reuse • Perceptions of Attackers • Perceptions of Attack
Reasons for Reuse: Method 115 question survey (n = 58) • Demographic information • Explanations of password reuse/avoidance • Descriptions of password creation/storage • Descriptions of password management
Reasons for Reuse: Results Why use a different password? I don’t • Security (12) like to think that if someone has access to one of • Website has credit card, etc (11) my passwords, she or he could • Website restricts password format (10) access all of my information • Website is important (7) for all of the pages I log into. • Website is in a particular category (4) • Other (12)
Reasons for Reuse: Results Why use the same password? It is easier to remember (35)
Reasons for Reuse: Results Why use the same password? It is easier to remember (35) People rely on their memory rather than store passwords
Outline • Password Reuse • Reasons for Reuse • Perceptions of Attackers • Perceptions of Attack
Perceptions of Attackers: Method • Who could compromise password? Rank – Ability – Motivation – Likelihood • Categories of people – – – Friend Acquaintance (tech & non-tech) Competitor Insider Hacker (n = 56)
(n = 56) Most Able Attackers
(n = 54) Least Able Attackers
(n = 56) Most Motivated Attackers
(n = 56) Least Motivated Attackers
(n = 56) Most Likely Attackers
(n = 55) Least Likely Attackers
Likely attackers: Motivated or Able? • Logit regression on ranking responses* • Odds on ranking someone as likely – Motivation: 6. 28 x – Ability: 3. 82 x *Thanks to Pierre-Antoine Kremp
Perceptions of Attackers: Results Participants ranked those closest to them as having the greatest ability to compromise their passwords
Outline • Password Reuse • Reasons for Reuse • Perceptions of Attackers • Perceptions of Attack
Perceptions of Attacks: Method Given: (n = 56) 13 tips for creating strong passwords – 3 passwords – Password construction method Task: • Rank passwords by strength • Explain ranking
Perceptions of Attacks: Results Princeton. NJ is too easy for someone to guess if they know where you live One would have to know her decently well to know her favorite novel
Perceptions of Attacks: Results People worry more about human guessing than automated guessing tools
Good News / Bad News • Good news: Participants understood the threat posed by those closest to them • Bad news: They didn’t understand the threat of dictionary attacks
Good News / Bad News • Good news: Participants were concerned about the weakness of poor passwords • Good news: They relied on their memory rather than poorly secured storage (ie. , paper) • Bad news: They feel and act as if they do not have any better tools or strategies
Good News / Bad News • Good news: Participants had few accounts with password authentication • Bad news: They had even fewer passwords
Outline • Password Reuse • Reasons for Reuse • Perceptions of Attackers • Perceptions of Attack
Shirley gaw
Shirley gaw
Gaw linth
Ui detma
Slidetodoc
Kontinuitetshantering i praktiken
Typiska novell drag
Nationell inriktning för artificiell intelligens
Returpilarna
Varför kallas perioden 1918-1939 för mellankrigstiden
En lathund för arbete med kontinuitetshantering
Kassaregister ideell förening
Tidbok
Sura för anatom
Densitet vatten
Datorkunskap för nybörjare
Tack för att ni lyssnade bild
Att skriva debattartikel
Magnetsjukhus
Nyckelkompetenser för livslångt lärande
Påbyggnader för flakfordon
Formel för lufttryck
Publik sektor
Jag har gått inunder stjärnor text
Presentera för publik crossboss
Jiddisch
Vem räknas som jude
Klassificeringsstruktur för kommunala verksamheter
Mjälthilus
Claes martinsson
Centrum för kunskap och säkerhet
Verifikationsplan
Mat för idrottare
Verktyg för automatisering av utbetalningar
Rutin för avvikelsehantering
Smärtskolan kunskap för livet
Ministerstyre för och nackdelar
Tack för att ni har lyssnat
Hur ser ett referat ut
