Understanding how users choose passwords: analysis and best practices

Alessia Michela Di Campi; Flaminia Luccio
2024-01-01

Abstract

In an era where digital services and password-protected platforms are becoming ubiquitous in various aspects of our lives, from healthcare technology to home environments, security has emerged as a paramount concern. To remotely access these devices, users must go through an authentication process, which typically involves the use of passwords. These passwords must meet two essential criteria: usability and security. Usability implies that passwords should be easy for users to remember and use. Security requires that passwords be resistant to unauthorized access. This study aims to investigate potential links between human behavior and password selection, as well as users’ perceptions of password security. To address this issue, we analyzed multiple data leaks and surveyed 217 users across various age groups and backgrounds. Data analysis reveals that, regardless of educational or professional background, most people tend to opt for simple, easily guessable passwords. Surprisingly, users with a technology background chose the weakest passwords. Based on the results of our analysis, we propose recommendations for both users and IT professionals. These suggestions can help users create stronger passwords and help IT professionals formulate effective access policies.
2024
ITASEC’24: The Italian Conference on CyberSecurity
Files in this item:

File: DiCampiLuccio24.pdf
Access: open access
Type: Publisher's version
License: Creative Commons
Size: 969.98 kB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/10278/5057507