Password Management Strategies for Online Accounts Shirley Gaw, Edward W. Felten Princeton University.

Presentation transcript:

Password Management Strategies for Online Accounts Shirley Gaw, Edward W. Felten Princeton University

Abstract
Average number of unique passwords: 3.31 (n = 49, SD = 1.76)
…and average reuse: 3.18 (SD = 2.71)
People will reuse passwords more as they acquire more accounts

Abstract (continued)
Why reuse? The reused ones were easier to remember
People rely on their memory rather than store passwords

Abstract (continued)
Friends have the greatest ability to attack passwords
Participants ranked those closest to them as having the greatest ability to compromise their passwords

Abstract (continued)
People worry more about human guessing than automated guessing tools
Knowing personal information about a victim was seen as advantageous

Outline
Password Reuse: People will reuse passwords more as they acquire more accounts
Reasons for Reuse: People rely on their memory rather than store passwords
Perceptions of Attackers: Participants ranked those closest to them as having the greatest ability to compromise their passwords
Perceptions of Attacks: People worry more about human guessing than automated guessing tools

Participants

Outline
Password Reuse
Reasons for Reuse
Perceptions of Attackers
Perceptions of Attack

Password Reuse: Method
First Pass:
– Select from 139 websites
– Log in to each website
– Self-report summary statistics
Second Pass:
– List other websites used personally
– Re-report summary statistics
(n = 49)

Password Reuse: Results
Unique passwords: M = 3.31, SD = 1.76 (n = 49)
Password reuse rate: M = 3.18, SD = 2.71

Password Reuse: Results
People will reuse passwords more as they acquire more accounts

Reasons for Reuse: Method
115-question survey
– Demographic information
– Explanations of password reuse/avoidance
– Descriptions of password creation/storage
– Descriptions of password management
(n = 58)

Reasons for Reuse: Results
Why use a different password?
– Security (12)
– Website has credit card, etc (11)
– Website restricts password format (10)
– Website is important (7)
– Website is in a particular category (4)
– Other (12)
"I don’t like to think that if someone has access to one of my passwords, she or he could access all of my information for all of the pages I log into."

Reasons for Reuse: Results
Why use the same password?
– It is easier to remember (35)
People rely on their memory rather than store passwords

Perceptions of Attackers: Method
Who could compromise password?
Rank
– Ability
– Motivation
– Likelihood
Categories of people
– Friend
– Acquaintance (tech & non-tech)
– Competitor
– Insider
– Hacker
(n = 56)

Most Able Attackers (n = 56)

Least Able Attackers (n = 54)

Most Motivated Attackers (n = 56)

Least Motivated Attackers (n = 56)

Most Likely Attackers (n = 56)

Least Likely Attackers (n = 55)

Likely attackers: Motivated or Able?
Logit regression on ranking responses*
Odds on ranking someone as likely
– Motivation: 6.28x
– Ability: 3.82x
*Thanks to Pierre-Antoine Kremp

Perceptions of Attackers: Results
Participants ranked those closest to them as having the greatest ability to compromise their passwords

Perceptions of Attacks: Method
Given: 13 tips for creating strong passwords
– 3 passwords
– Password construction method
Task: Rank passwords by strength
Explain ranking
(n = 56)

Perceptions of Attacks: Results
"PrincetonNJ is too easy for someone to guess if they know where you live"
"One would have to know her decently well to know her favorite novel"

Perceptions of Attacks: Results
People worry more about human guessing than automated guessing tools

Good News / Bad News
Good news: Participants understood the threat posed by those closest to them
Bad news: They didn’t understand the threat of dictionary attacks

Good News / Bad News
Good news: Participants were concerned about the weakness of poor passwords
Good news: They relied on their memory rather than poorly secured storage (i.e., paper)
Bad news: They feel and act as if they do not have any better tools or strategies

Good News / Bad News
Good news: Participants had few accounts with password authentication
Bad news: They had even fewer passwords
