Comparative Evaluation of Security and Convenience Trade-Offs in Password Generation Aiding Systems

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 960)

Abstract

A strong password is considered the most important feature for the security of any account credentials. In the last decades, several organizations have focused on improving password strength and have produced awareness initiatives and security guidelines on how to create and maintain secure passwords. However, studies found that users perceive security and convenience as a trade-off, and they often compromise password strength in favor of a key phrase that is easier to remember and type. Therefore, websites and applications now implement password generation aiding systems (PGAS) that help, and even force, users to create more secure passwords. Several types of PGAS are available, each implementing a different strategy for encouraging users to create stronger and more secure passwords. In this paper, we present the results of a study in which we compared six different PGAS and evaluated their performance in terms of security and convenience, with the aim of suggesting the system that has the most beneficial trade-off depending on the type of application.

Corresponding author

Correspondence to Nicholas Caporusso.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Stainbrook, M., Caporusso, N. (2020). Comparative Evaluation of Security and Convenience Trade-Offs in Password Generation Aiding Systems. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_9

  • DOI: https://doi.org/10.1007/978-3-030-20488-4_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20487-7

  • Online ISBN: 978-3-030-20488-4

  • eBook Packages: Engineering, Engineering (R0)
