| Title | Design and Evaluation of a Data-Driven Password Meter |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Ur, Blase, Alfieri, Felicia, Aung, Maung, Bauer, Lujo, Christin, Nicolas, Colnago, Jessica, Cranor, Lorrie Faith, Dixon, Henry, Emami Naeini, Pardis, Habib, Hana, Johnson, Noah, Melicher, William |
| Conference Name | Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4655-9 |
| Keywords | data-driven, feedback, meter, passwords, pubcrawl, Resiliency, Scalability, Security Heuristics, usable security |
| Abstract | Despite their ubiquity, many password meters provide inaccurate strength estimates. Furthermore, they do not explain to users what is wrong with their password or how to improve it. We describe the development and evaluation of a data-driven password meter that provides accurate strength measurement and actionable, detailed feedback to users. This meter combines neural networks and numerous carefully combined heuristics to score passwords and generate data-driven text feedback about the user's password. We describe the meter's iterative development and final design. We detail the security and usability impact of the meter's design dimensions, examined through a 4,509-participant online study. Under the more common password-composition policy we tested, we found that the data-driven meter with detailed feedback led users to create more secure, and no less memorable, passwords than a meter with only a bar as a strength indicator. |
| URL | http://doi.acm.org/10.1145/3025453.3026050 |
| DOI | 10.1145/3025453.3026050 |
| Citation Key | ur_design_2017 |
Design and Evaluation of a Data-Driven Password Meter