Password Management Strategies for Online Accounts Shirley Gaw, Edward W. Felten Princeton University.

1 Password Management Strategies for Online Accounts Shirley Gaw, Edward W. Felten Princeton University

2 Abstract – Average number of unique passwords 3.31 (n = 49, SD = 1.76) …and average reuse 3.18 (SD = 2.71) – People will reuse passwords more as they acquire more accounts

3 Abstract (continued) Why reuse? – The reused ones were easier to remember – People rely on their memory rather than store passwords

4 Abstract (continued) Friends have the greatest ability to attack passwords – Participants ranked those closest to them as having the greatest ability to compromise their passwords

5 Abstract (continued) People worry more about human guessing than automated guessing tools – Knowing personal information about a victim was seen as advantageous

6 Outline – Password Reuse: People will reuse passwords more as they acquire more accounts – Reasons for Reuse: People rely on their memory rather than store passwords – Perceptions of Attackers: Participants ranked those closest to them as having the greatest ability to compromise their passwords – Perceptions of Attacks: People worry more about human guessing than automated guessing tools

7 Participants 58 18 40 49 16 33

8 Outline – Password Reuse – Reasons for Reuse – Perceptions of Attackers – Perceptions of Attack

9 Password Reuse: Method First Pass: – Select from 139 websites – Log in to each website – Self-report summary statistics Second Pass: – List other websites used personally – Re-report summary statistics (n = 49)

10 Password Reuse: Results – Unique passwords M = 3.31, SD = 1.76 (n = 49) – Password reuse rate M = 3.18, SD = 2.71

13 Password Reuse: Results People will reuse passwords more as they acquire more accounts

14 Outline – Password Reuse – Reasons for Reuse – Perceptions of Attackers – Perceptions of Attack

15 Reasons for Reuse: Method 115-question survey – Demographic information – Explanations of password reuse/avoidance – Descriptions of password creation/storage – Descriptions of password management (n = 58)

16 Reasons for Reuse: Results Why use a different password? – Security (12) – Website has credit card, etc. (11) – Website restricts password format (10) – Website is important (7) – Website is in a particular category (4) – Other (12) "I don’t like to think that if someone has access to one of my passwords, she or he could access all of my information for all of the pages I log into."

17 Reasons for Reuse: Results Why use the same password? It is easier to remember (35)

20 Reasons for Reuse: Results Why use the same password? It is easier to remember (35) – People rely on their memory rather than store passwords

21 Outline – Password Reuse – Reasons for Reuse – Perceptions of Attackers – Perceptions of Attack

22 Perceptions of Attackers: Method Who could compromise password? Rank: – Ability – Motivation – Likelihood Categories of people: – Friend – Acquaintance (tech & non-tech) – Competitor – Insider – Hacker (n = 56)

23 Most Able Attackers (n = 56)

24 Least Able Attackers (n = 54)

25 Most Motivated Attackers (n = 56)

26 Least Motivated Attackers (n = 56)

27 Most Likely Attackers (n = 56)

28 Least Likely Attackers (n = 55)

29 Likely attackers: Motivated or Able? Logit regression on ranking responses* Odds on ranking someone as likely: – Motivation: 6.28x – Ability: 3.82x (*Thanks to Pierre-Antoine Kremp)

30 Perceptions of Attackers: Results Participants ranked those closest to them as having the greatest ability to compromise their passwords

31 Outline – Password Reuse – Reasons for Reuse – Perceptions of Attackers – Perceptions of Attack

32 Perceptions of Attacks: Method Given: 13 tips for creating strong passwords – 3 passwords – Password construction method Task: – Rank passwords by strength – Explain ranking (n = 56)

33 Perceptions of Attacks: Results – PrincetonNJ is too easy for someone to guess if they know where you live – One would have to know her decently well to know her favorite novel

34 Perceptions of Attacks: Results People worry more about human guessing than automated guessing tools

35 Good News / Bad News – Good news: Participants understood the threat posed by those closest to them – Bad news: They didn’t understand the threat of dictionary attacks

36 Good News / Bad News – Good news: Participants were concerned about the weakness of poor passwords – Good news: They relied on their memory rather than poorly secured storage (i.e., paper) – Bad news: They feel and act as if they do not have any better tools or strategies

37 Good News / Bad News – Good news: Participants had few accounts with password authentication – Bad news: They had even fewer passwords

38 Outline – Password Reuse – Reasons for Reuse – Perceptions of Attackers – Perceptions of Attack

