UWSpace is currently experiencing technical difficulties resulting from its recent migration to a new version of its software. These technical issues are not affecting the submission and browse features of the site. UWaterloo community members may continue submitting items to UWSpace. We apologize for the inconvenience, and are actively working to resolve these technical issues.
 

Password Advice Shouldn't Be Boring: Visualizing Password Guessing Attacks

Simple item page
dc.contributor.authorZhang-Kennedy, Leah
dc.contributor.authorChiasson, Sonia
dc.contributor.authorBiddle, Robert
dc.date.accessioned2022-03-08T21:41:13Z
dc.date.available2022-03-08T21:41:13Z
dc.date.issued2013-09
dc.description© 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.en
dc.description.abstractUsers are susceptible to password guessing attacks when they create weak passwords. Despite an abundance of text-based password advice, it appears insufficient to help home users create strong memorable passwords. We propose that users would be empowered to make better password choices if they understood how password guessing attacks work through visual communication. We created three infographic posters and an online educational comic to help users to learn about the threats. We conducted two studies to assess their effectiveness. All four methods led to superior learning outcomes than the text- alone approach. Our pre-test questionnaires also highlighted that users’ understanding of password guessing attacks is limited to a “target” mental model. One week after viewing our materials, the majority of users created strong sample passwords, and correctly described all three attacks: targeted, dictionary, and brute-force.en
dc.identifier.urihttps://doi.org/10.1109/eCRS.2013.6805770
dc.identifier.urihttp://hdl.handle.net/10012/18100
dc.language.isoenen
dc.publisherIEEEen
dc.relation.ispartofseries2013 APWG eCrime Researchers Summit;
dc.subjectpasswordsen
dc.subjectadviceen
dc.subjecttext-alone approachen
dc.titlePassword Advice Shouldn't Be Boring: Visualizing Password Guessing Attacksen
dc.typeArticleen
dcterms.bibliographicCitationZhang-Kennedy, L., Chiasson, S., & Biddle, R. (2013). Password advice shouldn’t be boring: Visualizing password guessing attacks. 2013 APWG ECrime Researchers Summit, 1–11. https://doi.org/10.1109/eCRS.2013.6805770en
uws.contributor.affiliation1Stratford School of Interaction Design and Businessen
uws.contributor.affiliation2Stratford School of Interaction Design and Businessen
uws.peerReviewStatusRevieweden
uws.scholarLevelFacultyen
uws.typeOfResourceTexten

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
Password advice shouldn't be boring Visualizing password guessing attacks.pdf
Size:
7.01 MB
Format:
Adobe Portable Document Format
Description:
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
4.47 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Waterloo Research
Computer Science
Stratford School of Interaction Design and Business