Shirley Gaw and Edward Felten: Password Management Strategies

July 13, 2006 by Ping

Read the paper here.

This study of password use surveyed about 50 Princeton undergraduates.  On average, the participants had about 3 passwords; they acquire more accounts over time, and they reuse their passwords more as they acquire more accounts.  Participants most commonly rely on their memory to recall passwords rather than on software tools.  The most commonly used software features are password reminders or cookies.

When asked, more than half of the respondents said a friend would be the most able attacker.  However, 35% also said that a “hacker” would be the least able attacker.  About a third rated a hacker as the most motivated attacker, and a third rated a friend as the most motivated.  But about a third also rated a hacker as the least motivated attacker, and a third rated a friend as the least motivated attacker.

It seems that people understand the threat posed by those closest to them, but they don’t seem to understand the possibility of dictionary attacks.  Participants were concerned about the weakness of poor passwords, but they think and act as if they don’t have other tools available to them.