Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Students and Grants
  • Program
    • At a Glance
    • Symposium Program
    • 2nd Workshop on Security Information Workers
    • Who Are You?! Adventures in Authentication
    • Workshop on Privacy Indicators
    • Workshop on Security Fatigue
    • Workshop on the Future of Privacy Notices and Indicators: Will Drones Deliver My Privacy Policy?
  • Activities
    • Poster Session
    • Birds-of-a-Feather Sessions
  • Sponsorship
  • Participate
    • Instructions for Authors and Speakers
    • Call for Nominations
    • Call for Papers
    • Call for Posters and Proposals
      • Call for Papers: 2nd Workshop on Security Information Workers
      • Call for Papers: Who are you?! Adventures in Authentication
      • Call for Papers: Workshop on Privacy Indicators
      • Call for Papers: Workshop on Security Fatigue
      • Workshop: Will Drones Deliver My Privacy Policy?
  • About
    • Organizers
    • Past Symposia

sponsors

Gold Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Media Sponsor
Media Sponsor
Industry Partner
  • Home
  • Attend
  • Program
  • Activities
  • Sponsorship
  • Participate
  • About

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Understanding Password Choices: How Frequently Entered Passwords Are Re-used across Websites
Tweet

connect with us

Understanding Password Choices: How Frequently Entered Passwords Are Re-used across Websites

Authors: 

Rick Wash and Emilee Rader, Michigan State University; Ruthie Berman, Macalester College; Zac Wellmer, Michigan State University

Abstract: 

From email to online banking, passwords are an essential component of modern internet use. Yet, users do not always have good password security practices, leaving their accounts vulnerable to attack. We conducted a study which combines self-report survey responses with measures of actual online behavior gathered from 134 participants over the course of six weeks. We find that people do tend to re-use each password on 1.7–3.4 different websites, they reuse passwords that are more complex, and mostly they tend to re-use passwords that they have to enter frequently. We also investigated whether self-report measures are accurate indicators of actual behavior, finding that though people understand password security, their self-reported intentions have only a weak correlation with reality. These findings suggest that users manage the challenge of having many passwords by choosing a complex password on a website where they have to enter it frequently in order to memorize that password, and then re-using that strong password across other websites.

Rick Wash, Michigan State University

Emilee Rader, Michigan State University

Ruthie Berman, Macalester College

Zac Wellmer, Michigan State University

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Wash PDF
View the slides

Presentation Audio

MP3 Download

Download Audio

  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Media Sponsors & Industry Partners

© USENIX

  • Privacy Policy
  • Contact Us