Corpus ID: 11991921

Personalizing Password Policies and Strength Feedback

  title={Personalizing Password Policies and Strength Feedback},
  author={Tobias Seitz},
  • Tobias Seitz
  • Published in PPT@PERSUASIVE 2017
  • Computer Science
To make users pick stronger passwords, service providers utilize password policies and password creation feedback while the user types inside password fields. Those two techniques often fail to achieve this primary goal. In this position paper, we argue that a personalized version of polices and strength meters are worth investigating. Putting individuals into the center of attention rather than the tasks may improve the user experience of password-based authentication. We discuss the… Expand
Nudging personalized password policies by understanding users' personality
This work proposes a dynamic personalized password policy (DPPP), which can personally recommend different password policies according to the user’s personality traits, and shows that DPPP is more effective than Basic8 and 3class8 in resisting online and offline guessing attacks. Expand
PASDJO: quantifying password strength perceptions with an online game
An online game that helps quantifying the perception of password strength is presented and how the data collected through PASDJO can help designing better password feedback and boost user experience during account creation is highlighted. Expand
Preface to the Second International Workshop on Personalizing Persuasive Technologies
Personalizing Persuasive Technologies (PPTs) is a growing research area which investigates how interactive systems can be designed to better suit people of various dispositions, inclinations, andExpand


Designing Password Policies for Strength and Usability
This work examines 15 password policies and identifies policies that are both more usable and more secure than commonly used policies that emphasize complexity rather than length requirements, contributing the first thorough examination of policies requiring longer passwords. Expand
Do Users' Perceptions of Password Security Match Reality?
Large variance in participants' understanding of how passwords may be attacked is found, potentially explaining why users nonetheless make predictable passwords. Expand
A Large-Scale Evaluation of High-Impact Password Strength Meters
Light is shed on how the server end of some web service meters functions and examples of highly inconsistent strength outcomes for the same password in different meters are provided, along with examples of many weak passwords being labeled as strong or even excellent. Expand
The true cost of unusable password policies: password use in the wild
A study which re-examined password policies and password practice in the workplace today finds that users are in general concerned to maintain security, but existing security policies are too inflexible to match their capabilities, and the tasks and contexts in which they operate. Expand
A Spoonful of Sugar?: The Impact of Guidance and Feedback on Password-Creation Behavior
It is found that real-time password-creation feedback can help users create strong passwords with fewer errors, and that although guiding participants through a three-step password- creation process can make creation easier, it may result in weaker passwords. Expand
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
It was found that meters with a variety of visual appearances led users to create longer passwords, however, significant increases in resistance to a password-cracking algorithm were only achieved using meters that scored passwords stringently. Expand
Does my password go up to eleven?: the impact of password meters on password selection
It is concluded that meters result in stronger passwords when users are forced to change existing passwords on "important" accounts and that individual meter design decisions likely have a marginal impact. Expand
A large-scale study of web password habits
The study involved half a million users over athree month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. Expand
Influencing Self-Selected Passwords Through Suggestions and the Decoy Effect
This study explored the effect of suggesting different variations and constellations of passwords during password selection and investigated whether the decoy effect can be applied here. Expand
Pretty good persuasion: a first step towards effective password security in the real world
It is argued that password mechanisms and their users form a socio-technical system, whose effectiveness relies strongly on users' willingness to make the extra effort that security-conscious behavior requires, and methods that can be used to persuade users to employ proper password practice. Expand