
The Password Doesn't Fall Far: How Service Influences Password Choice

Miranda Wei, The University of Chicago; Maximilian Golla, Ruhr University Bochum; Blase Ur, The University of Chicago. Baltimore, USA | August 12, 2018


  1. The Password Doesn’t Fall Far: How Service Influences Password Choice Miranda Wei, The University of Chicago 
 Maximilian Golla, Ruhr University Bochum Blase Ur, The University of Chicago Baltimore, USA | August 12, 2018

  2. https://myappletrees.com: Create a password for your MyAppleTrees account: MyAppleTreesPassword. Baltimore, USA | SOUPS WAY | August 12, 2018

  3. https://myappletrees.com: Create a password for your MyAppleTrees account: RedDelicious

  4. related work about password choice: demographic factors, account importance, composition policies [Mazurek et al., CCS13] [Ur et al., SOUPS15] [Florêncio & Herley, WWW07]

  5. our research questions: Do users make passwords related to… 1. … the name of the service? (myappletrees) 2. … the topic of the service? (applepie)

  6. methodology

  7. five password leaks

  8. filtered out passwords that appeared in other leaks: Top 1000 Passwords From Battlefield Heroes | Top 1000 Passwords From Each of the Other Four Leaks


  11. filtered out passwords that appeared in other leaks: Top 1000 Passwords From Battlefield Heroes | Top 1000 Passwords From Each of the Other Four Leaks | labels: not service-specific, service-specific

  12. filtered out passwords that appeared in other leaks: Top 1000 Passwords From Battlefield Heroes | Top 1000 Passwords From Each of the Other Four Leaks (Brazzers, last.fm, LinkedIn, Mate1) | labels: not service-specific, service-specific

  13. qualitative coding
      Step 1: Initial Criteria. Is the password related to…
      • … the name of the service?
      • … the topic of the service?
      Step 2: Open Coding (CODEBOOK)
      • average of 7 codes/service
      • coded 90% of analyzed passwords

  14. results

  15. yes, related to name: Top ten passwords per service after filtering

  16. yes, related to topic: trooper, pornstar, networking, headshot, enjoyporn, jobsearch, iamthebest, iloveporn, business

  17. CODEBOOK

  18. users choose passwords based on other interests: giants, cadillac, halflife, patriots, silverado, warcraft3, wrestling, peterbilt, gamecube, bowling, accord, viewsonic

  19. users choose passwords reflecting international backgrounds: hejhej, olamide, jemoeder, opeyemi, wachtwoord, babatunde, panzer, adekunle

  20. users invoke religion when it comes to jobs and love: krishna, ilovegod, jesuschrist, thankgod, godisgreat, ingodwetrust, godislove, godhelpme

  21. conclusions

  22. need to account for site-specific keywords
      • password doesn’t fall far: 3-6% of passwords analyzed were directly related to name/topic
      • many password-guessing tools/models support custom wordlists

  23. use blacklists
      • at an absolute minimum, blacklist the service name! Looking at you: Spotify, Amazon, Facebook, Google, Hulu, Tumblr, Pinterest, Microsoft, Instagram, Twitter
      • balancing security and usability

  24. improve existing tools
      • popularity-based password-composition policies [Schechter et al., Hot Topics 10; Segreti et al., SOUPS17]
      • password-strength meters [Ur et al., CHI17]

  25. The Password Doesn’t Fall Far: How Services Influence Password Choice. Miranda Wei, Maximilian Golla, Blase Ur. weim@uchicago.edu
      • Qualitative study of leaked passwords from Battlefield Heroes, Brazzers, last.fm, LinkedIn, and Mate1
      • Passwords were related by service name, topic, and a variety of other salient semantic topics
      • Need to account for site-specific keywords
      title image: http://www.fanpop.com/clubs/autumn/images/35580383/title/apple-orchard-photo
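
One way a signup form could apply the service-name blacklist recommended on slide 23, written as an added example that is not from the slides or their authors. It uses the fictional MyAppleTrees service from slides 2-3; the topic words, the substitution map, the 4-letter minimum and the 50% share threshold are assumptions made for illustration.

```python
import re

# Assumed look-alike substitutions to undo before matching (illustrative).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text: str) -> str:
    """Lowercase, undo common substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def build_blocklist(service_name, topic_words, min_len=4):
    """Collect the service name, topic words, and their component words."""
    terms = set()
    for raw in [service_name, *topic_words]:
        # Whole term plus its CamelCase / space / dot separated parts.
        parts = re.findall(r"[A-Z]?[a-z]+|[A-Z]+", raw)
        for candidate in [raw, *parts]:
            norm = normalize(candidate)
            if len(norm) >= min_len:  # skip short parts such as "my" or "fm"
                terms.add(norm)
    return terms


def find_service_term(password, blocklist, min_share=0.5):
    """Return the blocked term that dominates the password, else None.

    A term only counts when it makes up at least min_share of the
    password's letters, so a long passphrase that merely mentions a topic
    word is not rejected (the security/usability balance from slide 23).
    """
    norm = normalize(password)
    hits = [term for term in blocklist if term in norm]
    if not hits:
        return None
    longest = max(hits, key=lambda t: (len(t), t))  # deterministic choice
    return longest if len(longest) / len(norm) >= min_share else None


# Constructed inputs: the fictional service from slides 2-3, made-up topics.
BLOCKLIST = build_blocklist("MyAppleTrees",
                            ["apple pie", "orchard", "Red Delicious"])

if __name__ == "__main__":
    for pw in ["MyAppleTreesPassword", "RedDelicious", "My4ppl3Tr33s!2018",
               "correct-horse-apple-staple"]:
        print(pw, "->", find_service_term(pw, BLOCKLIST))
```

Lowering `min_share` makes the check stricter; at 0.0 any password containing a blocked term is rejected regardless of its length.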
