密码策略vs可用性:用户什么时候会“抓狂”?

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) Pub Date : 2020-12-01 DOI:10.1109/TrustCom50675.2020.00032

Roberto Dillon, S. Chawla, Dayana Hristova, Barbara Göbl, Suzana Jovicic

{"title":"密码策略vs可用性:用户什么时候会“抓狂”?","authors":"Roberto Dillon, S. Chawla, Dayana Hristova, Barbara Göbl, Suzana Jovicic","doi":"10.1109/TrustCom50675.2020.00032","DOIUrl":null,"url":null,"abstract":"To grant password security, it is still a common practice to request users to comply with a number of rules that need to be met for the resulting password to be valid. Users have no option but to comply with the rules, but is there a specific point where the required rules start being perceived as a nuisance and thus jeopardize security? This paper addresses users' reactions to such a scenario by means of an online survey ($\\mathrm{N}=51$) where users are being asked to create a password following an increasing number of restrictions. We thereby follow their evolving responses as each further criterion is added. Our analysis confirms that the increase in rule complexity has detrimental effects on usability and can lead to workarounds potentially compromising password security.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"220 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Password Policies vs. Usability: When Do Users Go “Bananas”?\",\"authors\":\"Roberto Dillon, S. Chawla, Dayana Hristova, Barbara Göbl, Suzana Jovicic\",\"doi\":\"10.1109/TrustCom50675.2020.00032\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To grant password security, it is still a common practice to request users to comply with a number of rules that need to be met for the resulting password to be valid. Users have no option but to comply with the rules, but is there a specific point where the required rules start being perceived as a nuisance and thus jeopardize security? This paper addresses users' reactions to such a scenario by means of an online survey ($\\\\mathrm{N}=51$) where users are being asked to create a password following an increasing number of restrictions. We thereby follow their evolving responses as each further criterion is added. Our analysis confirms that the increase in rule complexity has detrimental effects on usability and can lead to workarounds potentially compromising password security.\",\"PeriodicalId\":221956,\"journal\":{\"name\":\"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)\",\"volume\":\"220 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom50675.2020.00032\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom50675.2020.00032","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

为了授予密码安全性，通常的做法仍然是要求用户遵守一些规则，这些规则需要满足才能使生成的密码有效。用户除了遵守规则之外别无选择，但是是否存在这样一个特定点，即所需的规则开始被视为一种麻烦，从而危及安全性?本文通过在线调查($\ mathm {N}=51$)解决了用户对这种情况的反应，其中要求用户根据越来越多的限制创建密码。因此，随着每一项进一步的标准的增加，我们将关注他们不断变化的反应。我们的分析证实，规则复杂性的增加对可用性有不利影响，并可能导致可能危及密码安全性的变通方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Password Policies vs. Usability: When Do Users Go “Bananas”?

To grant password security, it is still a common practice to request users to comply with a number of rules that need to be met for the resulting password to be valid. Users have no option but to comply with the rules, but is there a specific point where the required rules start being perceived as a nuisance and thus jeopardize security? This paper addresses users' reactions to such a scenario by means of an online survey ($\mathrm{N}=51$) where users are being asked to create a password following an increasing number of restrictions. We thereby follow their evolving responses as each further criterion is added. Our analysis confirms that the increase in rule complexity has detrimental effects on usability and can lead to workarounds potentially compromising password security.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

自引率

0.00%

发文量