Shades of Perception- User Factors in Identifying Password Strength
- URL: http://arxiv.org/abs/2001.04930v1
- Date: Tue, 14 Jan 2020 17:45:40 GMT
- Title: Shades of Perception- User Factors in Identifying Password Strength
- Authors: Jason M. Pittman, Nikki Robinson
- Abstract summary: The purpose of this study was to measure whether participant education, profession, and technical skill level exhibited a relationship with identification of password strength.
A Chi-square test of independence was used to measure relationships between education, profession, technical skill level relative to the frequency of weak and strong password identification.
The results demonstrate a need for further investigation into why users continue to rely on weak passwords.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The purpose of this study was to measure whether participant education,
profession, and technical skill level exhibited a relationship with
identification of password strength. Participants reviewed 50 passwords and
labeled each as weak or strong. A Chi-square test of independence was used to
measure relationships between education, profession, technical skill level
relative to the frequency of weak and strong password identification. The
results demonstrate significant relationships across all variable combinations
except for technical skill and strong passwords which demonstrated no
relationship. This research has three limitations. Data collection was
dependent upon participant self-reporting and has limited externalized power.
Further, the instrument was constructed under the assumption that all
participants could read English and understood the concept of password
strength. Finally, we did not control for external tool use (i.e., password
strength meter). The results build upon existing literature insofar as the
outcomes add to the collective understanding of user perception of passwords in
specific and authentication in general. Whereas prior research has explored
similar areas, such work has done so by having participants create passwords.
This work measures perception of pre-generated passwords. The results
demonstrate a need for further investigation into why users continue to rely on
weak passwords. The originality of this work rests in soliciting a broad
spectrum of participants and measuring potential correlations between
participant education, profession, and technical skill level.
Related papers
- Con-ReCall: Detecting Pre-training Data in LLMs via Contrastive Decoding [118.75567341513897]
Existing methods typically analyze target text in isolation or solely with non-member contexts.
We propose Con-ReCall, a novel approach that leverages the asymmetric distributional shifts induced by member and non-member contexts.
arXiv Detail & Related papers (2024-09-05T09:10:38Z) - A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices [2.8698289487200856]
We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges.
These challenges lead users to weaken their passwords to increase the ease of entry.
We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.
arXiv Detail & Related papers (2024-09-04T19:28:36Z) - Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords.
Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
arXiv Detail & Related papers (2024-05-24T07:51:15Z) - Protecting Copyrighted Material with Unique Identifiers in Large Language Model Training [55.321010757641524]
A major public concern regarding the training of large language models (LLMs) is whether they abusing copyrighted online text.
Previous membership inference methods may be misled by similar examples in vast amounts of training data.
We propose an alternative textitinsert-and-detection methodology, advocating that web users and content platforms employ textbftextitunique identifiers.
arXiv Detail & Related papers (2024-03-23T06:36:32Z) - PassGPT: Password Modeling and (Guided) Generation with Large Language
Models [59.11160990637616]
We present PassGPT, a large language model trained on password leaks for password generation.
We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
arXiv Detail & Related papers (2023-06-02T13:49:53Z) - Targeted Honeyword Generation with Language Models [5.165256397719443]
Honeywords are fictitious passwords inserted into databases to identify password breaches.
Major difficulty is how to produce honeywords that are difficult to distinguish from real passwords.
arXiv Detail & Related papers (2022-08-15T00:06:29Z) - Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection [44.040106718326605]
The choice of password composition policy to enforce on a password-protected system represents a critical security decision.
In practice, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone.
We propose a novel methodology that draws on password probability distributions constructed from large sets of real-world password data.
arXiv Detail & Related papers (2020-07-07T22:12:13Z) - Interpretable Probabilistic Password Strength Meters via Deep Learning [13.97315111128149]
We show that probabilistic password meters inherently own the capability of describing the latent relation occurring between password strength and password structure.
Unlike existing constructions, our method is free from any human bias, and, more importantly, its feedback has a probabilistic interpretation.
arXiv Detail & Related papers (2020-04-15T16:05:50Z) - Lost in Disclosure: On The Inference of Password Composition Policies [43.17794589897313]
We study how password composition policies influence the distribution of user-chosen passwords on a system.
We suggest a simple approach that produces more reliable results.
We present pol-infer, a tool that implements this approach, and demonstrates its use inferring password composition policies.
arXiv Detail & Related papers (2020-03-12T15:27:00Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.