the password doesn t fall far how service influences
play

The Password Doesnt Fall Far: How Service Influences Password Choice - PowerPoint PPT Presentation

Aug 21, 2023 •212 likes •474 views

The Password Doesnt Fall Far: How Service Influences Password Choice Miranda Wei, The University of Chicago Maximilian Golla, Ruhr University Bochum Blase Ur, The University of Chicago Baltimore, USA | August 12, 2018

  1. The Password Doesn’t Fall Far: How Service Influences Password Choice Miranda Wei, The University of Chicago 
 Maximilian Golla, Ruhr University Bochum Blase Ur, The University of Chicago Baltimore, USA | August 12, 2018

  2. https://myappletrees.com esdf Create a password for your MyAppleTrees account: MyAppleTreesPassword ! 2 Baltimore, USA | SOUPS WAY | August 12, 2018

  3. https://myappletrees.com esdf Create a password for your MyAppleTrees account: RedDelicious ! 3 Baltimore, USA | SOUPS WAY | August 12, 2018

  4. related work about password choice demographic factors account importance composition policies [Mazurek et al., CCS13] [Ur et al., SOUPS15] [Florêncio & Herley, WWW07] ! 4 Baltimore, USA | SOUPS WAY | August 12, 2018

  5. our research questions Do users make passwords related to… 1. … the name of the service? myappletrees 2. … the topic of the service? applepie ! 5 Baltimore, USA | SOUPS WAY | August 12, 2018

  6. methodology ! 6 Baltimore, USA | August 12, 2018

  7. five password leaks ! 7 Baltimore, USA | SOUPS WAY | August 12, 2018

  8. filtered out passwords that appeared in other leaks Top 1000 Passwords Top 1000 Passwords From From Each of the Battlefield Heroes Other Four Leaks ! 8 Baltimore, USA | SOUPS WAY | August 12, 2018

  9. filtered out passwords that appeared in other leaks Top 1000 Passwords Top 1000 Passwords From From Each of the Battlefield Heroes Other Four Leaks ! 8 Baltimore, USA | SOUPS WAY | August 12, 2018

  10. filtered out passwords that appeared in other leaks Top 1000 Passwords Top 1000 Passwords From From Each of the Battlefield Heroes Other Four Leaks ! 8 Baltimore, USA | SOUPS WAY | August 12, 2018

  11. filtered out passwords that appeared in other leaks Top 1000 Passwords Top 1000 Passwords From From Each of the Battlefield Heroes Other Four Leaks not service- specific service-specific ! 8 Baltimore, USA | SOUPS WAY | August 12, 2018

  12. filtered out passwords that appeared in other leaks Top 1000 Passwords Top 1000 Passwords From From Each of the Battlefield Heroes Other Four Leaks Brazzers last.fm LinkedIn Mate1 not service- specific service-specific ! 8 Baltimore, USA | SOUPS WAY | August 12, 2018

  13. qualitative coding Step 1: Initial Criteria Step 2: Open Coding Is the password related to… CODEBOOK • … the name of the service? • average of 7 codes/service • … the topic of the service? • coded 90% of analyzed passwords ! 9 Baltimore, USA | SOUPS WAY | August 12, 2018

  14. results ! 10 Baltimore, USA | August 12, 2018

  15. yes, related to name Top ten passwords per service after filtering ! 11 Baltimore, USA | SOUPS WAY | August 12, 2018

  16. yes, related to topic trooper pornstar networking headshot enjoyporn jobsearch iamthebest iloveporn business ! 12 Baltimore, USA | SOUPS WAY | August 12, 2018

  17. CODEBOOK ! 13 Baltimore, USA | SOUPS WAY | August 12, 2018

  18. users choose passwords based on other interests giants cadillac halflife patriots silverado warcraft3 wrestling peterbilt gamecube bowling accord viewsonic ! 14 Baltimore, USA | SOUPS WAY | August 12, 2018

  19. users choose passwords reflecting international backgrounds hejhej olamide jemoeder opeyemi wachtwoord babatunde panzer adekunle ! 15 Baltimore, USA | SOUPS WAY | August 12, 2018

  20. users invoke religion when it comes to jobs and love krishna ilovegod jesuschrist thankgod godisgreat ingodwetrust godislove godhelpme ! 16 Baltimore, USA | SOUPS WAY | August 12, 2018

  21. conclusions ! 17 Baltimore, USA | August 12, 2018

  22. need to account for site-specific keywords • password doesn’t fall far - 3-6% of passwords analyzed were directly related to name/ topic • many password-guessing tools/ models support custom wordlists ! 18 Baltimore, USA | SOUPS WAY | August 12, 2018

  23. use blacklists • at an absolute minimum, blacklist the service name! - looking at you: Spotify, Amazon, Facebook, Google, Hulu, Tumblr, Pinterest, Microsoft, Instagram, Twitter • balancing security and usability ! 19 Baltimore, USA | SOUPS WAY | August 12, 2018

  24. improve existing tools • popularity-based password-composition policies [Schechter et al., Hot Topics 10, Segreti et al., SOUPS17] • password-strength meters [Ur et al., CHI17] ! 20 Baltimore, USA | SOUPS WAY | August 12, 2018

  25. • Qualitative study of leaked passwords from Battlefield Heroes, Brazzers, last.fm, LinkedIn, and Mate1 • Passwords were related by service name, topic, and a variety of other salient semantic topics • Need to account for site-specific keywords The Password Doesn’t Fall Far: How Services Influence Password Choice Miranda Wei, Maximilian Golla, Blase Ur weim@uchicago.edu ! 21 title image: Baltimore, USA | SOUPS WAY | August 12, 2018 http:/ /www.fanpop.com/clubs/autumn/images/35580383/title/apple-orchard-photo

Recommend

1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm

1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm

11/17/09 1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm pretty sure it doesn't work. 3 3 11/17/09 - basic outline -problems with password usability and security -how various graphical

1.55k views • 86 slides
COMMUNITY & HOUSING SUSTAINABILITY INFLUENCES CONSUMER BEHAVIOR ULI Fall Meeting 2019

COMMUNITY & HOUSING SUSTAINABILITY INFLUENCES CONSUMER BEHAVIOR ULI Fall Meeting 2019

COMMUNITY & HOUSING SUSTAINABILITY INFLUENCES CONSUMER BEHAVIOR ULI Fall Meeting 2019 September 20, 2019 Gregg Logan, Managing Director MILLENNIALS AND SUSTAINABILITY "Today's consumers don't want to buy a product, they want to buy

303 views • 19 slides
Weaving at the Bauhaus: Origins and Influences Julia E. Benson TEXT 6910 Fall Semester, 2003

Weaving at the Bauhaus: Origins and Influences Julia E. Benson TEXT 6910 Fall Semester, 2003

Weaving at the Bauhaus: Origins and Influences Julia E. Benson TEXT 6910 Fall Semester, 2003 Johannes Itten Horizontal-Vertikal ,1915 Wassily Kandinsky Moscow I , 1916 Oil on canvas Collection of State Tretjakov Gallery,

684 views • 54 slides
Service Unit Fall Product Manager Training 1 FALL 2018 Who is a first time Service Unit Fall

Service Unit Fall Product Manager Training 1 FALL 2018 Who is a first time Service Unit Fall

Service Unit Fall Product Manager Training 1 FALL 2018 Who is a first time Service Unit Fall Product Manager? 2 3 The Team Product Program Team Carl Canale Susan Rakis Angela Foster Conchetta Jones Sheri Lambert Linda Miller Shari

1.22k views • 94 slides
Why Why Google Google Shopping doesn't Shopping doesn't work work for for many many retailers

Why Why Google Google Shopping doesn't Shopping doesn't work work for for many many retailers

Why Why Google Google Shopping doesn't Shopping doesn't work work for for many many retailers retailers Liam Patterson Founder & CEO Show of hands? Q: Who is actively running Google Shopping ? About You 27% of SHOPPERS 27% of

573 views • 30 slides
Recovery After Stroke and Genetic Influences of Neuroplasticity Noel F. So, MD Spalding

Recovery After Stroke and Genetic Influences of Neuroplasticity Noel F. So, MD Spalding

Recovery After Stroke and Genetic Influences of Neuroplasticity Noel F. So, MD Spalding Rehabilitation Hospital BIAC Fall Conference October 17, 2014 No Financial Disclosures/Off label Factors that Predict Mortality of Acute Stroke

785 views • 49 slides
Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides
Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides
November 1, 2017 Guest Login Wi-Fi Options : WiFi3 Password: wcccguest1603 Fall 2017

November 1, 2017 Guest Login Wi-Fi Options : WiFi3 Password: wcccguest1603 Fall 2017

Community Assembly November 1, 2017 Guest Login Wi-Fi Options : WiFi3 Password: wcccguest1603 Fall 2017 Cleaning from the Corridor Cleaning from the Corridor Another Successful Event! October 7 th - 9am-noon 25 total

610 views • 9 slides
Service Management Platform UIT Top 5 Fall 2013 Building a service culture Service Management

Service Management Platform UIT Top 5 Fall 2013 Building a service culture Service Management

Update on Service Management Platform UIT Top 5 Fall 2013 Building a service culture Service Management Necessary capability for UIT Embraces the ITIL framework NEEDED: a service management platform ITSM Platform Services

560 views • 43 slides
Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo Krawczyk (IBM Research) Works with Stanislaw Jarecki, Jiayu Xu (UC Irvine) Aggelos Kiayas (U Edinburgh) Nitesh Saxena, Maliheh Shirvanian (UA Birmingham)

750 views • 32 slides
Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

LastPass, a Password Manager Application CS 88S Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material Some Definitions Password in the Cloud

584 views • 47 slides
LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your Master Key When you forget a password, they send a reset link to your email. Anyone with access to your email has the power to reset your other

549 views • 31 slides
Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do

363 views • 21 slides
Prevention & Recovery Conference Countering Pro-Marijuana Influences in the Community

Prevention & Recovery Conference Countering Pro-Marijuana Influences in the Community

Prevention & Recovery Conference Countering Pro-Marijuana Influences in the Community Findings from a Service to Science Evaluation Enhancement November 6, 2014 Oklahoma City National Exemplary Award for National Exemplary Award for

415 views • 40 slides
Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was created, CHANGE IT NOW! (It can be the same as your email password.) Day 3 Steps in compiling: (Optional preprocessing) Lexical analysis

483 views • 17 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Tulane Alternative Breaks Fall Activities Expo 2020 What is TAB? TAB is a community service

Tulane Alternative Breaks Fall Activities Expo 2020 What is TAB? TAB is a community service

Tulane Alternative Breaks Fall Activities Expo 2020 What is TAB? TAB is a community service organization that plans and implements student-led service trips during fall, spring, and/or summer breaks and day trips throughout the semester. The

201 views • 16 slides
Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides
PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory Masters Students The Center for Education and Research in Information Assurance and Security CURRENT STATUS Problem Statement Stringent

286 views • 15 slides
A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks Bauhaus-Universitt Weimar www.webis.de NDSS 2017, February 27 th 2017 Mnemonic Password Creation Password: Show password Random

684 views • 17 slides
Arteriopathy influences pediatric ischemic stroke presentation, but sickle cell disease

Arteriopathy influences pediatric ischemic stroke presentation, but sickle cell disease

1 Arteriopathy influences pediatric ischemic stroke presentation, but sickle cell disease influences stroke management Kristin P Guilliams MD, MSCI 1 , Fenella J Kirkham MD 2 , Susanne Holzhauer MD 3 , Steven Pavlakis MD 4 , Bryan Philbrook MD 5 ,

508 views • 19 slides
Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is

Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is

Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is weak authentication mechanism. Use Brute Force to find the password. We are using Hashing and Salt to protect the password. Passwords: Two factors

559 views • 51 slides
Lecture 20/Chapter 17 Psychological Influences on Personal Probabilities Definitions of

Lecture 20/Chapter 17 Psychological Influences on Personal Probabilities Definitions of

Lecture 20/Chapter 17 Psychological Influences on Personal Probabilities Definitions of Various Phenomena Examples Calibrating Experts Personal Probabilities Psychological Influences on Risk Perception Certainty effect: people

452 views • 22 slides

More recommend