A comparison of password feedback mechanisms and their impact on password entropy
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 25 November 2013
Abstract
Purpose
Text-based passwords created by users are typically weak. A common mitigation is to provide meaningful feedback to users regarding the relative strength of their newly created password. However, the effects of these feedback mechanisms on users to create stronger passwords have not been well studied. This study examined four different types of password feedback mechanisms to determine which, if any, are the most effective. The paper aims to discuss these issues.
Design/methodology/approach
Undergraduate student volunteers created four different passwords and then entered the passwords into four different online password feedback mechanisms. Participants were then asked whether the feedback persuaded them to change their original password.
Findings
In all cases, the feedback mechanisms significantly influenced users with lower password entropy to choose a more secure password. The password feedback mechanism that was most effective was the feedback of the estimated amount of time to break the password.
Research limitations/implications
Undergraduate students in an academic environment were the participants, which may limit external validity.
Practical implications
The implications are for designers of web sites and other applications that require users to create a text-based password: any feedback mechanism can influence users to create passwords with higher entropy, yet those that indicate the length of time it would take to crack the password are most effective.
Originality/value
There are a wide variety of password feedback mechanisms in use. However, their effects on influencing users to create stronger passwords have not been well studied.
Keywords
Citation
Ciampa, M. (2013), "A comparison of password feedback mechanisms and their impact on password entropy", Information Management & Computer Security, Vol. 21 No. 5, pp. 344-359. https://doi.org/10.1108/IMCS-12-2012-0072
Publisher
:Emerald Group Publishing Limited
Copyright © 2013, Emerald Group Publishing Limited