To read the full version of this content please select one of the options below:

A comparison of password feedback mechanisms and their impact on password entropy

Mark Ciampa (Western Kentucky University, Bowling Green, Kentucky, USA)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 25 November 2013

1033

Abstract

Purpose

Text-based passwords created by users are typically weak. A common mitigation is to provide meaningful feedback to users regarding the relative strength of their newly created password. However, the effects of these feedback mechanisms on users to create stronger passwords have not been well studied. This study examined four different types of password feedback mechanisms to determine which, if any, are the most effective. The paper aims to discuss these issues.

Design/methodology/approach

Undergraduate student volunteers created four different passwords and then entered the passwords into four different online password feedback mechanisms. Participants were then asked whether the feedback persuaded them to change their original password.

Findings

In all cases, the feedback mechanisms significantly influenced users with lower password entropy to choose a more secure password. The password feedback mechanism that was most effective was the feedback of the estimated amount of time to break the password.

Research limitations/implications

Undergraduate students in an academic environment were the participants, which may limit external validity.

Practical implications

The implications are for designers of web sites and other applications that require users to create a text-based password: any feedback mechanism can influence users to create passwords with higher entropy, yet those that indicate the length of time it would take to crack the password are most effective.

Originality/value

There are a wide variety of password feedback mechanisms in use. However, their effects on influencing users to create stronger passwords have not been well studied.

Keywords

Citation

Ciampa, M. (2013), "A comparison of password feedback mechanisms and their impact on password entropy", Information Management & Computer Security, Vol. 21 No. 5, pp. 344-359. https://doi.org/10.1108/IMCS-12-2012-0072

Publisher

:

Emerald Group Publishing Limited

Copyright © 2013, Emerald Group Publishing Limited

Related articles