I am currently a Ph.D. student at the University of Tennessee studying computer science with a focus in cybersecurity. My interests are in mathematics, software and web security, and how culture impacts cybersecurity. My current research is on input modalities and password managers. In this research, I am looking at what types of input modalities are used for password creation and entry, what frustrations come with different input modalities, and what can be done to modify password managers to allow for a smoother user experience when entering a password generated by a password manager on a device that does not allow password managers.
Email: jsadik@vols.utk.edu
Address: Min H. Kao Building, Room 339, 1520 Middle Drive, Knoxville, TN 37996-2250
John Sadik
Pursuing a PhD at the University of Tennessee, Knoxville
MS, Computer Science, 2022
Advisor: Scott Ruoti
Publications
Master's Theses
Survey of Input Modalities in The Western World. John Sadik. Master's Thesis. University of Tennessee, 2023.
Abstract:
Having your account compromised can lead to serious complications in your life. One way accounts become compromised is through the security risks associated with weak passwords and reused passwords [22,23]. In this thesis, we seek to understand how entering passwords on non-PC devices contributes to the problems of weak and reused passwords. To do so, we conducted a survey that was distributed to people in the Western World. In our survey results, we found that users commented about how the current password model was not created with a variety of device types in mind, which created frustrations and complexity in the authentication process. We also found that users will try to prioritize using the devices that are fast and the ones they are familiar with. While users are most frequently authenticating using keyboards and mice, and generally had a strong preference for physical devices, we also found that touchscreen and mobile devices were the next most frequent device used to authenticate. When authenticating on other devices, users listed a number of frustrations like not having access to password managers and having to use arrow keys to input passwords, which made the whole process slower and more complex. Ultimately, these frustrations caused a majority of users to create intentionally weak passwords so they could authenticate faster, and it caused other users to simply refuse to use the device or service. This shows that there are specific user needs that are not being met when it comes to the current authentication scheme, and to rectify this, we suggest a preliminary model for how password managers might better meet these needs in the conclusion of this paper.