Biblio

Filters: Author is Ross Koppel, University of Southern California
2017-07-18
Christopher Novak, Dartmouth College, Jim Blythe, University of Southern California, Ross Koppel, University of Southern California, Vijay Kothari, Dartmouth College, Sean Smith, Dartmouth College.  2017.  Modeling Aggregate Security with User Agents that Employ Password Memorization Techniques. Symposium On Usable Privacy and Security (SOUPS 2017).

We discuss our ongoing work with an agent-based password simulation which models how site-enforced password requirements affect aggregate security when people interact with multiple authentication systems. We model two password memorization techniques: passphrase generation and spaced repetition. Our simulation suggests system-generated passphrases lead to lower aggregate security across services that enforce even moderate password requirements. Furthermore, allowing users to expand their password length over time via spaced repetition increases aggregate security.

Ross Koppel, University of Southern California, Jim Blythe, University of Southern California, Vijay Kothari, Dartmouth College, Sean Smith, Dartmouth College.  2017.  Password Logbooks and What Their Amazon Reviews Reveal About the Users’ Motivations, Beliefs, and Behaviors. 2nd European Workshop on Useable Security (EuroUSEC 2017).

The existence of and market for notebooks designed for users to write down passwords illuminates a sharp contrast: what is often prescribed as proper password behavior—e.g., never write down passwords—differs from what many users actually do. These password logbooks and their reviews provide many unique and surprising insights into their users’ beliefs, motivations, and behaviors. We examine the password logbooks and analyze, using grounded theory, their reviews, to better understand how these users think and behave with respect to password authentication. Several themes emerge including: previous password management strategies, gifting, organizational strategies, password sharing, and dubious security advice. Some users argue these books enhance security.