Publication Details
Download |
Emanuel von Zezschwitz, Alexander De Luca, Heinrich Hussmann
Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition In Proceedings of the 14th IFIP TC13 Conference on Human-Computer Interaction (INTERACT 2013). Cape Town, South Africa, September 2-6 2013. (bib) |
In this paper, we investigate the evolutionary change of passwords over time. We conducted one-on-one interviews and analyzed the complexity and the diversity of users passwords using different analysis tools. By comparing their first-ever created passwords to several of their currently used passwords (e.g. most secure, policy-based), we were able to trace password reuse, password changes and influencing factors on the evolutionary process. Our approach allowed analyzing security aspects without actually knowing the password itself. The results reveal that currently used passwords are significantly longer than the participants first passwords. Most participants are aware of how to compose stronger passwords, but are still using significantly weaker passwords for most services. The evolutionary process less affects these most used passwords than policy-based or meter-based passwords. The results indicate that policies do influence the change of passwords, but often only lead to minor changes. |