메뉴 건너뛰기




Volumn , Issue , 2016, Pages 3748-3760

Do users' perceptions of password security match reality?

Author keywords

Authentication; Passwords; Perceptions of security; Usable security; User behavior; Users' folk models

Indexed keywords

BEHAVIORAL RESEARCH; HUMAN COMPUTER INTERACTION; HUMAN ENGINEERING;

EID: 84995365235     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2858036.2858546     Document Type: Conference Paper
Times cited : (151)

References (83)
  • 1
    • 84928107691 scopus 로고    scopus 로고
    • Password meters and generators on the web: From large-scale empirical study to getting it right
    • Steven Van Acker, Daniel Hausknecht, Wouter Joosen, and Andrei Sabelfeld. 2015. Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting It Right. In Proc. CODASPY.
    • (2015) Proc. CODASPY
    • Van Acker, S.1    Hausknecht, D.2    Joosen, W.3    Sabelfeld, A.4
  • 2
    • 0043232732 scopus 로고    scopus 로고
    • Users are not the enemy
    • 1999
    • Anne Adams and Martina Angela Sasse. 1999. Users are not the enemy. Commun. ACM 42, 12(1999), 40-46.
    • (1999) Commun. ACM , vol.42 , Issue.12 , pp. 40-46
    • Adams, A.1    Sasse, M.A.2
  • 3
  • 4
    • 84954537697 scopus 로고    scopus 로고
    • Understanding visual perceptions of usability and security of android's graphical password pattern
    • Adam J. Aviv and Dane Fichter. 2014. Understanding Visual Perceptions of Usability and Security of Android's Graphical Password Pattern. In Proc. ACSAC. 286-295.
    • (2014) Proc. ACSAC , pp. 286-295
    • Aviv, A.J.1    Fichter, D.2
  • 5
    • 85015099859 scopus 로고    scopus 로고
    • Ashley madison: Two women explain how hack changed their lives
    • August 27, 2015
    • Chris Baraniuk. 2015. Ashley Madison: Two women explain how hack changed their lives. BBC http://www.bbc.co.uk/news/technology-34072762. (August 27, 2015).
    • (2015) BBC
    • Baraniuk, C.1
  • 6
    • 84864517335 scopus 로고    scopus 로고
    • Evaluating online labor markets for experimental research: Amazon.com's mechanical turk
    • Adam J. Berinsky, Gregory A. Huber, and Gabriel S. Lenz. 2012. Evaluating Online Labor Markets for Experimental Research: Amazon.com's Mechanical Turk. Political Analysis 20(2012), 351-368.
    • (2012) Political Analysis , vol.20 , Issue.2012 , pp. 351-368
    • Berinsky, A.J.1    Huber, G.A.2    Lenz, G.S.3
  • 7
    • 84977964456 scopus 로고    scopus 로고
    • Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption
    • Chandrasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, and Marios Savvides. 2015. Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption. In Proc. USEC.
    • (2015) Proc. USEC
    • Bhagavatula, C.1    Ur, B.2    Iacovino, K.3    Kywe, S.M.4    Cranor, L.F.5    Savvides, M.6
  • 8
    • 84889010365 scopus 로고    scopus 로고
    • The gawker hack: How a million passwords were lost
    • December 2010
    • Joseph Bonneau. 2010. The Gawker hack: How a million passwords were lost. Light Blue Touchpaper Blog. (December 2010). http://www.lightbluetouchpaper.org/2010/12/15/thegawkerhack-how-a-million-passwords-were-lost/.
    • (2010) Light Blue Touchpaper Blog
    • Bonneau, J.1
  • 9
    • 84878356177 scopus 로고    scopus 로고
    • The science of guessing: Analyzing an anonymized corpus of 70 million passwords
    • Joseph Bonneau. 2012a. The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In Proc. IEEE Symposium on Security and Privacy.
    • (2012) Proc. IEEE Symposium on Security and Privacy
    • Bonneau, J.1
  • 10
  • 12
    • 84934758795 scopus 로고    scopus 로고
    • Passwords and the evolution of imperfect authentication
    • June 2015
    • Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, and Frank Stajano. 2015. Passwords and the Evolution of Imperfect Authentication. CACM 58, 7(June 2015), 78-87.
    • (2015) CACM , vol.58 , Issue.7 , pp. 78-87
    • Bonneau, J.1    Herley, C.2    Van Oorschot, P.C.3    Stajano, F.4
  • 13
    • 84865034378 scopus 로고    scopus 로고
    • Linguistic properties of multi-word passphrases
    • Joseph Bonneau and Ekaterina Shutova. 2012. Linguistic properties of multi-word passphrases. In Proc. USEC.
    • (2012) Proc. USEC
    • Bonneau, J.1    Shutova, E.2
  • 14
    • 85014995774 scopus 로고    scopus 로고
    • 10 (or so) of the worst passwords exposed by the linkedin hack
    • June 2012
    • Jon Brodkin. 2012. 10 (or so) of the worst passwords exposed by the LinkedIn hack. Ars Technica. (June 2012).
    • (2012) Ars Technica
    • Brodkin, J.1
  • 15
    • 79960392344 scopus 로고    scopus 로고
    • Amazon's mechanical turk: A new source of inexpensive, yet high-quality, data?
    • 2011
    • Michael Buhrmester, Tracy Kwang, and Samuel D. Gosling. 2011. Amazon's Mechanical Turk: A New Source of Inexpensive, Yet High-Quality, Data? Perspectives on Psychological Science 6, 1(2011), 3-5.
    • (2011) Perspectives on Psychological Science , vol.6 , Issue.1 , pp. 3-5
    • Buhrmester, M.1    Kwang, T.2    Gosling, S.D.3
  • 16
    • 85014993778 scopus 로고    scopus 로고
    • Apple knew of icloud security hole 6 months before celebgate
    • September 24 2014
    • Dell Cameron. 2014. Apple knew of iCloud security hole 6 months before Celebgate. The Daily Dot. (September 24 2014). http://www.dailydot.com/technology/appleicloudbrute-force-attack-march/.
    • (2014) The Daily Dot
    • Cameron, D.1
  • 19
    • 84901615749 scopus 로고    scopus 로고
    • From very weak to very strong: Analyzing password-strength meters
    • Xavier de Carné de Carnavalet and Mohammad Mannan. 2014. From Very Weak to Very Strong: Analyzing Password-Strength Meters. In Proc. NDSS.
    • (2014) Proc. NDSS
    • De Carné De Carnavalet, X.1    Mannan, M.2
  • 20
    • 85015003528 scopus 로고    scopus 로고
    • I feel like i'm taking selfies all day! towards understanding biometric authentication on smartphones
    • Alexander De Luca, Alina Hang, Emanuel von Zezschwitz, and Heinrich Hussmann. 2015. I Feel Like I'm Taking Selfies All Day! Towards Understanding Biometric Authentication on Smartphones. In Proc. CHI.
    • (2015) Proc. CHI
    • De Luca, A.1    Hang, A.2    Von Zezschwitz, E.3    Hussmann, H.4
  • 24
    • 84883103217 scopus 로고    scopus 로고
    • On the ecological validity of a password study
    • Sascha Fahl, Marian Harbach, Yasemin Acar, and Matthew Smith. 2013. On The Ecological Validity of a Password Study. In Proc. SOUPS.
    • (2013) Proc. SOUPS
    • Fahl, S.1    Harbach, M.2    Acar, Y.3    Smith, M.4
  • 25
    • 35348884906 scopus 로고    scopus 로고
    • A large-scale study of web password habits
    • Dinei Florêncio and Cormac Herley. 2007. A large-scale study of web password habits. In Proc. WWW.
    • (2007) Proc. WWW
    • Florêncio, D.1    Herley, C.2
  • 26
  • 27
    • 85076288823 scopus 로고    scopus 로고
    • Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts
    • Dinei Florêncio, Cormac Herley, and Paul C. van Oorschot. 2014. Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. In Proc. USENIX Security.
    • (2014) Proc. USENIX Security
    • Florêncio, D.1    Herley, C.2    Van Oorschot, P.C.3
  • 29
    • 35248846782 scopus 로고    scopus 로고
    • Password management strategies for online accounts
    • Shirley Gaw and Edward W. Felten. 2006. Password management strategies for online accounts. In Proc. SOUPS.
    • (2006) Proc. SOUPS
    • Gaw, S.1    Felten, E.W.2
  • 30
    • 85015087721 scopus 로고    scopus 로고
    • Mozilla: Data stolen from hacked bug database was used to attack firefox
    • September 4, 2015
    • Megan Geuss. 2015. Mozilla: data stolen from hacked bug database was used to attack Firefox. Ars Technica http://arstechnica.com/security/2015/09/mozilla-data-stolen-from-hacked-bug-databasewasused-to-attack-firefox/. (September 4, 2015).
    • (2015) Ars Technica
    • Geuss, M.1
  • 31
    • 85015041049 scopus 로고    scopus 로고
    • Defining password strength
    • Jeffrey Goldberg. 2013. Defining Password Strength. In Passwords.
    • (2013) Passwords
    • Goldberg, J.1
  • 32
    • 84897032859 scopus 로고    scopus 로고
    • Why passwords have never been weaker- and crackers have never been stronger
    • August 2012
    • Dan Goodin. 2012. Why passwords have never been weaker- and crackers have never been stronger. Ars Technica. (August 2012). http://arstechnica.com/security/2012/08/passwords-under-assault/.
    • (2012) Ars Technica
    • Goodin, D.1
  • 33
    • 84893121194 scopus 로고    scopus 로고
    • Anatomy of a hack: How crackers ransack passwords like "qeadzcwrsfxv1331"
    • May 2013
    • Dan Goodin. 2013. Anatomy of a hack: How crackers ransack passwords like "qeadzcwrsfxv1331". Ars Technica. (May 2013). http://arstechnica.com/security/2013/05/howcrackersmake-minced-meat-out-of-yourpasswords/.
    • (2013) Ars Technica
    • Goodin, D.1
  • 34
    • 85015009112 scopus 로고    scopus 로고
    • Once seen as bulletproof, 11 million+ ashley madison passwords already cracked
    • September 10, 2015
    • Dan Goodin. 2015. Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked. Ars Technica http://arstechnica.com/security/2015/09/onceseenas-bulletproof-11-million-ashley-madisonpasswordsalready-cracked/. (September 10, 2015).
    • (2015) Ars Technica
    • Goodin, D.1
  • 35
    • 84874906715 scopus 로고    scopus 로고
    • A study of user password strategy for multiple accounts
    • S. M. Taiabul Haque, Matthew Wright, and Shannon Scielzo. 2013. A Study of User Password Strategy for Multiple Accounts. In CODASPY.
    • (2013) CODASPY
    • Haque, S.M.T.1    Wright, M.2    Scielzo, S.3
  • 36
    • 84960868732 scopus 로고    scopus 로고
    • Next gen pcfg password cracking
    • Aug. 2015
    • Shiva Houshmand, Sudhir Aggarwal, and Randy Flood. 2015. Next Gen PCFG Password Cracking. IEEE TIFS 10, 8(Aug. 2015), 1776-1791.
    • (2015) IEEE TIFS , vol.10 , Issue.8 , pp. 1776-1791
    • Houshmand, S.1    Aggarwal, S.2    Flood, R.3
  • 37
    • 79952018667 scopus 로고    scopus 로고
    • 2010
    • Imperva. 2010. Consumer Password Worst Practices. (2010). http://www.imperva.com/docs/WP-Consumer-Password-Worst-Practices.pdf.
    • (2010) Consumer Password Worst Practices
  • 38
    • 79955468168 scopus 로고    scopus 로고
    • Influence of user perception, security needs, and social factors on device pairing method choices
    • Iulia Ion, Marc Langheinrich, Ponnurangam Kumaraguru, and Srdjan Čapkun. 2010. Influence of user perception, security needs, and social factors on device pairing method choices. In Proc. SOUPS.
    • (2010) Proc. SOUPS
    • Ion, I.1    Langheinrich, M.2    Kumaraguru, P.3    Čapkun, S.4
  • 39
    • 84973604859 scopus 로고    scopus 로고
    • "::: No one can hack my mind": Comparing expert and non-expert security practices
    • Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. ":::no one can hack my mind": Comparing Expert and Non-Expert Security Practices. In Proc. SOUPS.
    • (2015) Proc. SOUPS
    • Ion, I.1    Reeder, R.2    Consolvo, S.3
  • 40
    • 77956245055 scopus 로고    scopus 로고
    • Quality management on amazon mechanical turk
    • ACM, New York, NY, USA
    • Panagiotis G. Ipeirotis, Foster Provost, and Jing Wang. 2010. Quality Management on Amazon Mechanical Turk. In Proc. HCOMP. ACM, New York, NY, USA, 64-67.
    • (2010) Proc. HCOMP , pp. 64-67
    • Ipeirotis, P.G.1    Provost, F.2    Wang, J.3
  • 41
    • 4243096135 scopus 로고    scopus 로고
    • The domino effect of password reuse
    • April 2004
    • Blake Ives, Kenneth R. Walsh, and Helmut Schneider. 2004. The Domino Effect of Password Reuse. Commun. ACM 47, 4(April 2004), 75-78.
    • (2004) Commun. ACM , vol.47 , Issue.4 , pp. 75-78
    • Ives, B.1    Walsh, K.R.2    Schneider, H.3
  • 42
    • 85026738968 scopus 로고    scopus 로고
    • The benefits of understanding passwords
    • Markus Jakobsson and Mayank Dhiman. 2012. The Benefits of Understanding Passwords. In Proc. HotSec.
    • (2012) Proc. HotSec
    • Jakobsson, M.1    Dhiman, M.2
  • 46
    • 35248895598 scopus 로고    scopus 로고
    • Human selection of mnemonic phrase-based passwords
    • Cynthia Kuo, Sasha Romanosky, and Lorrie Faith Cranor. 2006. Human selection of mnemonic phrase-based passwords. In Proc. SOUPS.
    • (2006) Proc. SOUPS
    • Kuo, C.1    Romanosky, S.2    Cranor, L.F.3
  • 47
    • 84978533801 scopus 로고    scopus 로고
    • A large-scale empirical analysis of Chinese web passwords
    • Zhigong Li, Weili Han, and Wenyuan Xu. 2014. A Large-Scale Empirical Analysis of Chinese Web Passwords. In Proc. USENIX Security.
    • (2014) Proc. USENIX Security
    • Li, Z.1    Han, W.2    Xu, W.3
  • 48
    • 85015032845 scopus 로고    scopus 로고
    • Apple on icloud breach: It's not our fault hackers guessed celebrity passwords
    • September 2 2014
    • Dylan Love. 2014. Apple On iCloud Breach: It's Not Our Fault Hackers Guessed Celebrity Passwords. International Business Times. (September 2 2014). http://www.ibtimes.com/apple-icloud-breach-itsnotour-fault-hackers-guessed-celebritypasswords-1676268.
    • (2014) International Business Times
    • Love, D.1
  • 50
    • 84860859593 scopus 로고    scopus 로고
    • Investigating the distribution of password choices
    • David Malone and Kevin Maher. 2012. Investigating the distribution of password choices. In Proc. WWW.
    • (2012) Proc. WWW
    • Malone, D.1    Maher, K.2
  • 55
  • 56
    • 55449109246 scopus 로고    scopus 로고
    • A future-adaptable password scheme
    • Niels Provos and David Mazieres. 1999. A Future-Adaptable Password Scheme. In Proc. USENIX.
    • (1999) Proc. USENIX
    • Provos, N.1    Mazieres, D.2
  • 57
    • 84865043423 scopus 로고    scopus 로고
    • Stories as informal lessons about security
    • Emilee Rader, Rick Wash, and Brandon Brooks. 2012. Stories as informal lessons about security. In Proc. SOUPS.
    • (2012) Proc. SOUPS
    • Rader, E.1    Wash, R.2    Brooks, B.3
  • 59
    • 85015088090 scopus 로고    scopus 로고
    • August 2009
    • Bruce Schneier. 2009. Password Advice. http://www.schneier.com/blog/archives/2009/08/password-advice.html. (August 2009).
    • (2009) Password Advice
    • Schneier, B.1
  • 61
    • 85076308593 scopus 로고    scopus 로고
    • 2009
    • Jens Steubbe. 2009. Hashcat. http://hashcat.net/oclhashcat-plus/. (2009).
    • (2009) Hashcat
    • Steubbe, J.1
  • 62
    • 84959159726 scopus 로고    scopus 로고
    • The password life cycle: User behaviour in managing passwords
    • Elizabeth Stobert and Robert Biddle. 2014. The Password Life Cycle: User Behaviour in Managing Passwords. In Proc. SOUPS.
    • (2014) Proc. SOUPS
    • Stobert, E.1    Biddle, R.2
  • 64
    • 85044852613 scopus 로고    scopus 로고
    • 2015
    • Stricture Consulting Group. 2015. Password Audits. http://stricture-group.com/services/passwordaudits.htm. (2015).
    • (2015) Password Audits
    • Group, S.C.1
  • 65
    • 84855678652 scopus 로고    scopus 로고
    • What makes users refuse web single sign-on?: An empirical investigation of openid
    • San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. 2011. What makes users refuse web single sign-on?: An empirical investigation of OpenID. In Proc. SOUPS.
    • (2011) Proc. SOUPS
    • Sun, S.-T.1    Pospisil, E.2    Muslukhov, I.3    Dindar, N.4    Hawkey, K.5    Beznosov, K.6
  • 66
    • 84903035283 scopus 로고    scopus 로고
    • Nudge: Improving decisions about health, wealth, and happiness
    • Richard H. Thaler and Cass R. Sunstein. 2008. Nudge: Improving decisions about health, wealth, and happiness. Yale University Press.
    • (2008) Yale University Press
    • Thaler, R.H.1    Sunstein, C.R.2
  • 67
    • 85015062378 scopus 로고    scopus 로고
    • June 2012
    • Trustwave Spiderlabs. 2012. eHarmony Password Dump Analysis. (June 2012). http://blog.spiderlabs.com/2012/06/eharmonypassworddump-analysis.html.
    • (2012) EHarmony Password Dump Analysis
  • 72
    • 78650009077 scopus 로고    scopus 로고
    • If your password is 123456, just make it hackme
    • 2010
    • Ashlee Vance. 2010. If Your Password Is 123456, Just Make It HackMe. New York Times, http://www.nytimes.com/2010/01/21/technology/21password.html. (2010).
    • (2010) New York Times
    • Vance, A.1
  • 73
    • 84875495633 scopus 로고    scopus 로고
    • Enhancing password security through interactive fear appeals: A web-based field experiment
    • Anthony Vance, David Eargle, Kirk Ouimet, and Detmar Straub. 2013. Enhancing Password Security through Interactive Fear Appeals: A Web-Based Field Experiment. In Proc. HICSS.
    • (2013) Proc. HICSS
    • Vance, A.1    Eargle, D.2    Ouimet, K.3    Straub, D.4
  • 74
    • 84928498543 scopus 로고    scopus 로고
    • On the semantic patterns of passwords and their security impact
    • Rafael Veras, Christopher Collins, and Julie Thorpe. 2014. On the Semantic Patterns of Passwords and their Security Impact. In Proc. NDSS.
    • (2014) Proc. NDSS
    • Veras, R.1    Collins, C.2    Thorpe, J.3
  • 75
    • 84970040522 scopus 로고    scopus 로고
    • Visualizing semantics in passwords: The role of dates
    • Rafael Veras, Julie Thorpe, and Christopher Collins. 2012. Visualizing semantics in passwords: The role of dates. In Proc. VizSec.
    • (2012) Proc. VizSec
    • Veras, R.1    Thorpe, J.2    Collins, C.3
  • 76
    • 84893350508 scopus 로고    scopus 로고
    • Mental models - General introduction and review of their application to human-centred security
    • Melanie Volkamer and Karen Renaud. 2013. Mental Models - General Introduction and Review of Their Application to Human-Centred Security. In Number Theory and Cryptography. Lecture Notes in Computer Science, Vol. 8260. 255-280.
    • (2013) Number Theory and Cryptography. Lecture Notes in Computer Science , vol.8260 , pp. 255-280
    • Volkamer, M.1    Renaud, K.2
  • 77
    • 85015100825 scopus 로고    scopus 로고
    • Survival of the shortest: A retrospective analysis of influencing factors on password composition
    • Emanuel von Zezschwitz, Alexander De Luca, and Heinrich Hussmann. 2013. Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition. In INTERACT.
    • (2013) INTERACT
    • Von Zezschwitz, E.1    De Luca, A.2    Hussmann, H.3
  • 78
    • 79951633637 scopus 로고    scopus 로고
    • Folk models of home computer security
    • Rick Wash. 2010. Folk models of home computer security. In Proc. SOUPS.
    • (2010) Proc. SOUPS
    • Wash, R.1
  • 80
    • 78650022232 scopus 로고    scopus 로고
    • Testing metrics for password creation policies by attacking large sets of revealed passwords
    • Matt Weir, Sudhir Aggarwal, Michael Collins, and Henry Stern. 2010. Testing metrics for password creation policies by attacking large sets of revealed passwords. In Proc. CCS.
    • (2010) Proc. CCS
    • Weir, M.1    Aggarwal, S.2    Collins, M.3    Stern, H.4
  • 82
    • 78650011800 scopus 로고    scopus 로고
    • The security of modern password expiration: An algorithmic framework and empirical analysis
    • Yinqian Zhang, Fabian Monrose, and Michael K Reiter. 2010. The security of modern password expiration: An algorithmic framework and empirical analysis. In Proc. CCS.
    • (2010) Proc. CCS
    • Zhang, Y.1    Monrose, F.2    Reiter, M.K.3
  • 83
    • 84900811528 scopus 로고    scopus 로고
    • Password advice shouldn't be boring: Visualizing password guessing attacks
    • Leah Zhang-Kennedy, Sonia Chiasson, and Robert Biddle. 2013. Password advice shouldn't be boring: Visualizing password guessing attacks. In Proc. eCRS.
    • (2013) Proc. eCRS
    • Zhang-Kennedy, L.1    Chiasson, S.2    Biddle, R.3


* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.