Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

A comparison of password feedback mechanisms and their impact on password entropy

A comparison of password feedback mechanisms and their impact on password entropy Purpose – Text‐based passwords created by users are typically weak. A common mitigation is to provide meaningful feedback to users regarding the relative strength of their newly created password. However, the effects of these feedback mechanisms on users to create stronger passwords have not been well studied. This study examined four different types of password feedback mechanisms to determine which, if any, are the most effective. The paper aims to discuss these issues. Design/methodology/approach – Undergraduate student volunteers created four different passwords and then entered the passwords into four different online password feedback mechanisms. Participants were then asked whether the feedback persuaded them to change their original password. Findings – In all cases, the feedback mechanisms significantly influenced users with lower password entropy to choose a more secure password. The password feedback mechanism that was most effective was the feedback of the estimated amount of time to break the password. Research limitations/implications – Undergraduate students in an academic environment were the participants, which may limit external validity. Practical implications – The implications are for designers of web sites and other applications that require users to create a text‐based password: any feedback mechanism can influence users to create passwords with higher entropy, yet those that indicate the length of time it would take to crack the password are most effective. Originality/value – There are a wide variety of password feedback mechanisms in use. However, their effects on influencing users to create stronger passwords have not been well studied. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information Management & Computer Security Emerald Publishing

A comparison of password feedback mechanisms and their impact on password entropy

Information Management & Computer Security , Volume 21 (5): 16 – Nov 22, 2013

Loading next page...
 
/lp/emerald-publishing/a-comparison-of-password-feedback-mechanisms-and-their-impact-on-6DWwMffXFU
Publisher
Emerald Publishing
Copyright
Copyright © 2013 Emerald Group Publishing Limited. All rights reserved.
ISSN
0968-5227
DOI
10.1108/IMCS-12-2012-0072
Publisher site
See Article on Publisher Site

Abstract

Purpose – Text‐based passwords created by users are typically weak. A common mitigation is to provide meaningful feedback to users regarding the relative strength of their newly created password. However, the effects of these feedback mechanisms on users to create stronger passwords have not been well studied. This study examined four different types of password feedback mechanisms to determine which, if any, are the most effective. The paper aims to discuss these issues. Design/methodology/approach – Undergraduate student volunteers created four different passwords and then entered the passwords into four different online password feedback mechanisms. Participants were then asked whether the feedback persuaded them to change their original password. Findings – In all cases, the feedback mechanisms significantly influenced users with lower password entropy to choose a more secure password. The password feedback mechanism that was most effective was the feedback of the estimated amount of time to break the password. Research limitations/implications – Undergraduate students in an academic environment were the participants, which may limit external validity. Practical implications – The implications are for designers of web sites and other applications that require users to create a text‐based password: any feedback mechanism can influence users to create passwords with higher entropy, yet those that indicate the length of time it would take to crack the password are most effective. Originality/value – There are a wide variety of password feedback mechanisms in use. However, their effects on influencing users to create stronger passwords have not been well studied.

Journal

Information Management & Computer SecurityEmerald Publishing

Published: Nov 22, 2013

Keywords: Password; Password feedback mechanisms; Entropy

References