Improving text passwords through persuasion

Symposium On Usable Privacy and Security Pub Date : 2008-07-23 DOI:10.1145/1408664.1408666

Alain Forget, S. Chiasson, P. V. Oorschot, R. Biddle

{"title":"Improving text passwords through persuasion","authors":"Alain Forget, S. Chiasson, P. V. Oorschot, R. Biddle","doi":"10.1145/1408664.1408666","DOIUrl":null,"url":null,"abstract":"Password restriction policies and advice on creating secure passwords have limited effects on password strength. Influencing users to create more secure passwords remains an open problem. We have developed Persuasive Text Passwords (PTP), a text password creation system which leverages Persuasive Technology principles to influence users in creating more secure passwords without sacrificing usability. After users choose a password during creation, PTP improves its security by placing randomly-chosen characters at random positions into the password. Users may shuffle to be presented with randomly-chosen and positioned characters until they find a combination they feel is memorable. In this paper, we present an 83-participant user study testing four PTP variations. Our results show that the PTP variations significantly improved the security of users' passwords. We also found that those participants who had a high number of random characters placed into their passwords would deliberately choose weaker pre-improvement passwords to compensate for the memory load. As a consequence of this compensatory behaviour, there was a limit to the gain in password security achieved by PTP.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"190","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1408664.1408666","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 190

Abstract

Password restriction policies and advice on creating secure passwords have limited effects on password strength. Influencing users to create more secure passwords remains an open problem. We have developed Persuasive Text Passwords (PTP), a text password creation system which leverages Persuasive Technology principles to influence users in creating more secure passwords without sacrificing usability. After users choose a password during creation, PTP improves its security by placing randomly-chosen characters at random positions into the password. Users may shuffle to be presented with randomly-chosen and positioned characters until they find a combination they feel is memorable. In this paper, we present an 83-participant user study testing four PTP variations. Our results show that the PTP variations significantly improved the security of users' passwords. We also found that those participants who had a high number of random characters placed into their passwords would deliberately choose weaker pre-improvement passwords to compensate for the memory load. As a consequence of this compensatory behaviour, there was a limit to the gain in password security achieved by PTP.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

通过说服改进文本密码

密码限制策略和创建安全密码的建议对密码强度的影响有限。影响用户创建更安全的密码仍然是一个悬而未决的问题。我们开发了有说服力的文本密码(PTP)，这是一个文本密码创建系统，它利用有说服力的技术原则来影响用户创建更安全的密码，而不会牺牲可用性。用户在创建过程中选择密码后，PTP通过在密码中随机位置放置随机选择的字符来提高安全性。用户可能会随机选择和定位字符，直到找到他们觉得难忘的组合。在本文中，我们提出了一个83参与者的用户研究测试四个PTP变化。我们的研究结果表明，PTP的变化显著提高了用户密码的安全性。我们还发现，那些在密码中放入大量随机字符的参与者会故意选择较弱的改进前密码，以补偿内存负荷。作为这种补偿行为的结果，PTP在密码安全性方面的收益是有限的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Symposium On Usable Privacy and Security

自引率

0.00%

发文量