
Is pa$$w0rd1 a good password or a bad one? Towards more secure and usable text passwords

Lujo Bauer

Many security problems arise at the interface between computer systems and their users. One set of such problems relates to authentication and text-based passwords, which, despite numerous shortcomings and attacks, remain the dominant authentication method in computer systems.

 

For several years, we've been studying how to help users create passwords that are hard for attackers to crack, but are still easy for users to remember and use.  A key challenge in this work was to develop and validate a methodology for collecting passwords and assessing their strength and usability.  I'll discuss our approach, and how we applied it to over 50,000 participants to study a range of topics -- including the effects on password security and usability of different password-composition policies, password meters, and other user guidance; and whether users make poor passwords on purpose or because they don't know any better.  I'll also attempt to answer the age-old question: Do computer scientists or engineers make stronger passwords?

Speaker bio

Lujo Bauer is an Associate Professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D., also in Computer Science, from Princeton University in 2003. Dr. Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online.

Dr. Bauer recently served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.

 

 
