A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices

• URL: http://arxiv.org/abs/2409.03044v1
• Date: Wed, 4 Sep 2024 19:28:36 GMT
• Title: A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices
• Authors: John Sadik, Scott Ruoti,
• Abstract summary: We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges. These challenges lead users to weaken their passwords to increase the ease of entry. We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.
• Score: 2.8698289487200856
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Password managers encourage users to generate passwords to improve their security. However, research has shown that users avoid generating passwords, often giving the rationale that it is difficult to enter generated passwords on devices without a password manager. In this paper, we conduct a survey ($n=999$) of individuals from the US, UK, and Europe, exploring the range of devices on which they enter passwords and the challenges associated with password entry on those devices. We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges. These usability challenges lead users to weaken their passwords to increase the ease of entry. We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.

Related papers

• 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
  Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities. This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users. An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
  arXiv  Detail & Related papers  (2025-02-17T12:23:53Z)
• Online Authentication Habits of Indian Users [1.5354118838872373]
  We conducted a survey with 90 participants residing in India to better understand the mindset of people on using password managers and two-factor authentication (2FA) Our findings suggest that a majority of the participants have used 2FA and password managers in some form, although they are sometimes unaware of their formal names. The primary motivation for using password managers is the convenience of auto-filling. However, some participants avoid using password managers due to a lack of trust in these tools.
  arXiv  Detail & Related papers  (2025-01-24T08:45:53Z)
• Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
  We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
  arXiv  Detail & Related papers  (2024-05-24T07:51:15Z)
• Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers [7.049738935364298]
  Malicious client-side scripts and browser extensions can steal passwords after they have been autofilled by the manager into the web page. This paper explores what role the password manager can take in preventing the theft of autofilled credentials without requiring a change to user behavior.
  arXiv  Detail & Related papers  (2024-02-09T03:21:14Z)
• PassGPT: Password Modeling and (Guided) Generation with Large Language Models [59.11160990637616]
  We present PassGPT, a large language model trained on password leaks for password generation. We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
  arXiv  Detail & Related papers  (2023-06-02T13:49:53Z)
• RiDDLE: Reversible and Diversified De-identification with Latent Encryptor [57.66174700276893]
  This work presents RiDDLE, short for Reversible and Diversified De-identification with Latent Encryptor. Built upon a pre-learned StyleGAN2 generator, RiDDLE manages to encrypt and decrypt the facial identity within the latent space.
  arXiv  Detail & Related papers  (2023-03-09T11:03:52Z)
• Targeted Honeyword Generation with Language Models [5.165256397719443]
  Honeywords are fictitious passwords inserted into databases to identify password breaches. Major difficulty is how to produce honeywords that are difficult to distinguish from real passwords.
  arXiv  Detail & Related papers  (2022-08-15T00:06:29Z)
• Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection [44.040106718326605]
  The choice of password composition policy to enforce on a password-protected system represents a critical security decision. In practice, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone. We propose a novel methodology that draws on password probability distributions constructed from large sets of real-world password data.
  arXiv  Detail & Related papers  (2020-07-07T22:12:13Z)
• DeepMnemonic: Password Mnemonic Generation via Deep Attentive Encoder-Decoder Model [26.797370435988853]
  We bridge the gap between strong password generation and the usability of strong passwords. We propose to automatically generate textual password mnemonics, i.e., natural language sentences, which are intended to help users better memorize passwords.
  arXiv  Detail & Related papers  (2020-06-24T04:05:48Z)
• Lost in Disclosure: On The Inference of Password Composition Policies [43.17794589897313]
  We study how password composition policies influence the distribution of user-chosen passwords on a system. We suggest a simple approach that produces more reliable results. We present pol-infer, a tool that implements this approach, and demonstrates its use inferring password composition policies.
  arXiv  Detail & Related papers  (2020-03-12T15:27:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.