Article

A large-scale study of web password habits

Authors:
Dinei Florencio

Microsoft Research

Microsoft Research
View Profile

,
Cormac Herley

Microsoft Research

Microsoft Research
View Profile

WWW '07: Proceedings of the 16th international conference on World Wide WebMay 2007Pages 657–666https://doi.org/10.1145/1242572.1242661

Published:08 May 2007Publication History

WWW '07: Proceedings of the 16th international conference on World Wide Web

Pages 657–666

ABSTRACT

We report the results of a large scale study of password use andpassword re-use habits. The study involved half a million users over athree month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.

References

http://www.rsasecurity.com.Google Scholar
http://www.passwordresearch.com.Google Scholar
A. Adams and M. A. Sasse. Users are not the Enemy. Comm. ACM, 1999. Google ScholarDigital Library
B. Efron and R. Thisted. Estimating the number of unknown species: How many words did Shakespeare know? Biometrika, 1976.Google Scholar
D. V. Klein. Foiling the Cracker: A Survey of, and Improvements to, Password Security. Usenix Security Workshop, 1990.Google Scholar
F. T. Grampp and R. H. Morris. UNIX Operating System Security. Bell System Tech. Jorunal, 1984.Google Scholar
E. Gaber, P. Gibbons, Y. Matyas, and A. Mayer. How to make personalized web browsing simple, secure and anonymous. Proc. Finan. Crypto '97. Google ScholarDigital Library
W. Gale. Good-Turing Smoothing Without Tears. Statistics Research Reports from AT&T Laboratories 94.5, AT&T Bell Laboratories, 1994.Google Scholar
J. Yan and A. Blackwell and R. Anderson and A. Grant. Password Memorability and Security: Empirical Results. IEEE Security & Privacy, 2004. Google ScholarDigital Library
Jefferson Wells Inc. Microsoft Phishing Filter Feature in Internet Explorer 7 and Windows Live Toolbar. 2006. http://www.jeffersonwells.com/clientauditreports/Microsoft PF IE7IEToolbarFeature Privacy Audit 20060728.pdf.Google Scholar
Anti-Phishing Working Group. http://www.antiphishing.org.Google Scholar
R. Morris and K. Thompson. Password Security: A Case History. Comm. ACM, 1979. Google ScholarDigital Library
B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. Proceedings of the 14th Usenix Security Symposium, 2005. Google ScholarDigital Library
M. E. Russinovich and D. A. Solomon. Microsoft Windows Internals. Microsoft Press, 2005.Google Scholar

Index Terms

A large-scale study of web password habits
1. Security and privacy
  1. Security services
    1. Authentication

Recommendations

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
WWW '07: Proceedings of the 16th international conference on World Wide Web
May 2007
1382 pages
ISBN:9781595936547
DOI:10.1145/1242572
General Chairs:
Carey Williamson
University of Calgary, Canada
,
Mary Ellen Zurko
IBM, USA
,
Program Chairs:
Peter Patel-Schneider
Bell Labs Research, USA
,
Prashant Shenoy
University of Massachusetts at Amherst, USA
Copyright © 2007 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 May 2007
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
authentication
measurements
password
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate1,899of8,196submissions,23%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 616
  Total Citations
  View Citations
- 5,841
  Total Downloads
- Downloads (Last 12 months)388
- Downloads (Last 6 weeks)91
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A large-scale study of web password habits

WWW '07: Proceedings of the 16th international conference on World Wide Web

ABSTRACT

References

Cited By

Index Terms

Recommendations

Web Password Book: Discreet Password Book - Password Saver - 5 by 8 With 300 Password Records - Password Reminder Vol.10 Password Book

Web Password Book: 5 by 8 - An Alphabetical Internet And Password - 300 Password Records Vol.9 Password Book

Web Password Book: Internet Password Organizer - (Discreet Password Journal) - An Internet Address Password Journal - Vol.4 Password Book