Politicas
Páginas: 36 (8772 palabras)
Publicado: 9 de noviembre de 2011
Of Passwords and People: Measuring the Effect of Password-Composition Policies
Saranga Komanduri1 , Richard Shay1 , Patrick Gage Kelley1 , Michelle L. Mazurek1 , Lujo Bauer1 , Nicolas Christin1 , Lorrie Faith Cranor1 , and Serge Egelman2 Carnegie Mellon University Pittsburgh, PA {sarangak, rshay, pgage, mmazurek}@cmu.edu {lbauer, nicolasc, lorrie}@cmu.edu
ABSTRACT
1 2
National Institute ofStandards and Technology Gaithersburg, MD serge.egelman@nist.gov
passwords harder to predict. Such a policy may require, for example, that passwords exceed a minimum length, that they contain uppercase letters and symbols, and that they do not contain dictionary words. Unfortunately, it is difficult to define precisely the relationship between the components of a password-composition policy and thepredictability of the resulting passwords, in large part because of a lack of empirical data on passwords and the policies under which they were created. Even the best current guidelines for designing password-composition policies, for instance, are based on theoretical estimates [4] or small-scale laboratory studies (e.g., [12, 20]). What makes designing an appropriate password-compositionpolicy even trickier is that such policies affect not only the passwords users create, but also users’ behavior. For example, certain password-composition policies that lead to more-difficult-to-predict passwords may also lead users to write down their passwords more readily, or to become more averse to changing passwords because of the additional effort of memorizing the new ones. Such behavior mayalso affect an adversary’s ability to predict passwords and should therefore be taken into account when selecting a policy. With this paper, we take a significant step toward improving our understanding of how password-composition policies influence the predictability of passwords, as well as how they affect user behavior and sentiment. We describe the results of a two-part user study with more than5,000 participants. In the first part we required each participant to create a password under one of four different password-composition policies. In the second part we asked participants to recall their passwords at least two days later. We also surveyed users to capture their sentiment toward a password-composition policy, as well as to to learn about their password-related behavior (e.g., whetherand how they recorded the password). Using the collected data, we characterize the predictability of passwords created under various password-composition policies by computing their entropy. Our results are the first entropy estimates derived from a large-scale empirical study that allow for comparison of entropy across different password-composition policies. Combining these results
Text-basedpasswords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, system administrators adopt password-composition policies (e.g., requiring passwords to contain symbols and numbers). Unfortunately, little is known about the relationship between password-composition policies and the strengthof the resulting passwords, or about the behavior of users (e.g., writing down passwords) in response to different policies. We present a large-scale study that investigates password strength, user behavior, and user sentiment across four password-composition policies. We characterize the predictability of passwords by calculating their entropy, and find that a number of commonly held beliefs aboutpassword composition and strength are inaccurate. We correlate our results with user behavior and sentiment to produce several recommendations for password-composition policies that result in strong passwords without unduly burdening users.
Author Keywords
Security, Usability, Passwords, Policy
ACM Classification Keywords
D.4.6 Security and Protection: Authentication; H.1.2 User/ Machine...
Saranga Komanduri1 , Richard Shay1 , Patrick Gage Kelley1 , Michelle L. Mazurek1 , Lujo Bauer1 , Nicolas Christin1 , Lorrie Faith Cranor1 , and Serge Egelman2 Carnegie Mellon University Pittsburgh, PA {sarangak, rshay, pgage, mmazurek}@cmu.edu {lbauer, nicolasc, lorrie}@cmu.edu
ABSTRACT
1 2
National Institute ofStandards and Technology Gaithersburg, MD serge.egelman@nist.gov
passwords harder to predict. Such a policy may require, for example, that passwords exceed a minimum length, that they contain uppercase letters and symbols, and that they do not contain dictionary words. Unfortunately, it is difficult to define precisely the relationship between the components of a password-composition policy and thepredictability of the resulting passwords, in large part because of a lack of empirical data on passwords and the policies under which they were created. Even the best current guidelines for designing password-composition policies, for instance, are based on theoretical estimates [4] or small-scale laboratory studies (e.g., [12, 20]). What makes designing an appropriate password-compositionpolicy even trickier is that such policies affect not only the passwords users create, but also users’ behavior. For example, certain password-composition policies that lead to more-difficult-to-predict passwords may also lead users to write down their passwords more readily, or to become more averse to changing passwords because of the additional effort of memorizing the new ones. Such behavior mayalso affect an adversary’s ability to predict passwords and should therefore be taken into account when selecting a policy. With this paper, we take a significant step toward improving our understanding of how password-composition policies influence the predictability of passwords, as well as how they affect user behavior and sentiment. We describe the results of a two-part user study with more than5,000 participants. In the first part we required each participant to create a password under one of four different password-composition policies. In the second part we asked participants to recall their passwords at least two days later. We also surveyed users to capture their sentiment toward a password-composition policy, as well as to to learn about their password-related behavior (e.g., whetherand how they recorded the password). Using the collected data, we characterize the predictability of passwords created under various password-composition policies by computing their entropy. Our results are the first entropy estimates derived from a large-scale empirical study that allow for comparison of entropy across different password-composition policies. Combining these results
Text-basedpasswords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, system administrators adopt password-composition policies (e.g., requiring passwords to contain symbols and numbers). Unfortunately, little is known about the relationship between password-composition policies and the strengthof the resulting passwords, or about the behavior of users (e.g., writing down passwords) in response to different policies. We present a large-scale study that investigates password strength, user behavior, and user sentiment across four password-composition policies. We characterize the predictability of passwords by calculating their entropy, and find that a number of commonly held beliefs aboutpassword composition and strength are inaccurate. We correlate our results with user behavior and sentiment to produce several recommendations for password-composition policies that result in strong passwords without unduly burdening users.
Author Keywords
Security, Usability, Passwords, Policy
ACM Classification Keywords
D.4.6 Security and Protection: Authentication; H.1.2 User/ Machine...
Leer documento completo
Regístrate para leer el documento completo.