Title: Password Management Strategies for Online Accounts
Slide 1: Password Management Strategies for Online Accounts
- Shirley Gaw, Edward W. Felten
- Princeton University
Slide 2: Abstract
Average number of unique passwords
3.31 (n = 49, SD = 1.76)
and average reuse 3.18 (SD = 2.71)
People will reuse passwords more as they acquire
more accounts
Slide 3: Abstract (continued)
Why reuse?
The reused ones were easier to remember
People rely on their memory rather than store
passwords
Slide 4: Abstract (continued)
Friends have the greatest ability to attack
passwords
Participants ranked those closest to them as
having the greatest ability to compromise their
passwords
Slide 5: Abstract (continued)
Knowing personal information about a victim was
seen as advantageous
People worry more about human guessing
than automated guessing tools
Slide 6: Outline
- Password Reuse: People will reuse passwords more as they acquire more accounts
- Reasons for Reuse: People rely on their memory rather than store passwords
- Perceptions of Attackers: Participants ranked those closest to them as having the greatest ability to compromise their passwords
- Perceptions of Attacks: People worry more about human guessing than automated guessing tools
Slide 7: Participants
Slide 8: Outline
- Password Reuse
- Reasons for Reuse
- Perceptions of Attackers
- Perceptions of Attack
Slide 9: Password Reuse Method
- First Pass
  - Select from 139 websites
  - Log in to each website
  - Self-report summary statistics
- Second Pass
  - List other websites used personally
  - Re-report summary statistics
(n = 49)
Slide 10: Password Reuse Results
- Unique passwords
  - M = 3.31, SD = 1.76 (n = 49)
- Password reuse rate
  - M = 3.18, SD = 2.71
Slide 13: Password Reuse Results
People will reuse passwords more as they acquire
more accounts
Slide 14: Outline
- Password Reuse
- Reasons for Reuse
- Perceptions of Attackers
- Perceptions of Attack
Slide 15: Reasons for Reuse Method
- 115-question survey
  - Demographic information
  - Explanations of password reuse/avoidance
  - Descriptions of password creation/storage
  - Descriptions of password management
(n = 58)
Slide 16: Reasons for Reuse Results
- Why use a different password?
  - Security (12)
  - Website has credit card, etc. (11)
  - Website restricts password format (10)
  - Website is important (7)
  - Website is in a particular category (4)
  - Other (12)
I don't like to think that if someone has access
to one of my passwords, she or he could access
all of my information for all of the pages I log
into.
Slide 17: Reasons for Reuse Results
- Why use the same password?
  - It is easier to remember (35)
Slide 20: Reasons for Reuse Results
- Why use the same password?
  - It is easier to remember (35)
People rely on their memory rather than store
passwords
Slide 21: Outline
- Password Reuse
- Reasons for Reuse
- Perceptions of Attackers
- Perceptions of Attack
Slide 22: Perceptions of Attackers Method
- Who could compromise password? Rank:
  - Ability
  - Motivation
  - Likelihood
- Categories of people
  - Friend
  - Acquaintance (tech / non-tech)
  - Competitor
  - Insider
  - Hacker
(n = 56)
Slide 23: Most Able Attackers
(n = 56)
Slide 24: Least Able Attackers
(n = 54)
Slide 25: Most Motivated Attackers
(n = 56)
Slide 26: Least Motivated Attackers
(n = 56)
Slide 27: Most Likely Attackers
(n = 56)
Slide 28: Least Likely Attackers
(n = 55)
Slide 29: Likely Attackers: Motivated or Able?
- Logit regression on ranking responses
- Odds on ranking someone as likely
  - Motivation 6.28x
  - Ability 3.82x
- Thanks to Pierre-Antoine Kremp
Slide 30: Perceptions of Attackers Results
Participants ranked those closest to them as
having the greatest ability to compromise their
passwords
Slide 31: Outline
- Password Reuse
- Reasons for Reuse
- Perceptions of Attackers
- Perceptions of Attack
Slide 32: Perceptions of Attacks Method
- Given
  - 13 tips for creating strong passwords
  - 3 passwords
  - Password construction method
- Task
  - Rank passwords by strength
  - Explain ranking
(n = 56)
Slide 33: Perceptions of Attacks Results
PrincetonNJ is too easy for someone to guess if
they know where you live
One would have to know her decently well to know
her favorite novel
Slide 34: Perceptions of Attacks Results
People worry more about human guessing
than automated guessing tools
Slide 35: Good News / Bad News
- Good news: Participants understood the threat posed by those closest to them
- Bad news: They didn't understand the threat of dictionary attacks
Slide 36: Good News / Bad News
- Good news: Participants were concerned about the weakness of poor passwords
- Good news: They relied on their memory rather than poorly secured storage (i.e., paper)
- Bad news: They feel and act as if they do not have any better tools or strategies
Slide 37: Good News / Bad News
- Good news: Participants had few accounts with password authentication
- Bad news: They had even fewer passwords
Slide 38: Outline
- Password Reuse
- Reasons for Reuse
- Perceptions of Attackers
- Perceptions of Attack