Influencing Self-selected Passwords Through Suggestions and the Decoy Effect - Presentation
1. INFLUENCING SELF-SELECTED PASSWORDS THROUGH SUGGESTIONS AND THE DECOY EFFECT
Tobias Seitz, Emanuel von Zezschwitz, Stefanie Meitner, Heinrich Hussmann
Media Informatics Group, LMU Munich
2. TOBIAS.SEITZ@IFI.LMU.DE - INFLUENCING SELF-SELECTED PASSWORDS THROUGH SUGGESTIONS AND THE DECOY EFFECT 3
http://www.theregister.co.uk/2016/06/06/facebook_zuckerberg_social_media_accnt_pwnage/
3. IMPROVING ‘DADADA’: GENERATED PASSWORDS
Security: random, system-generated passwords would help secure an account
Usability: a password manager becomes necessary for passwords like XN69Nt3uSDJxhJMd
→ How can we make generated passwords more usable?
Rhymes? (Ghazvininejad & Knight 2015)
Pronounceable syllables? (Gasser 1975)
Real words? (Shay et al. 2012)
4. IMPROVING GENERATED PASSWORDS: PHRASES
CorrectHorseBatteryStaple
Security: word-based passphrases perform well against cracking attacks
Usability:
Easy to type, but more prone to typos than shorter passwords
Memorability similar to that of more complex passwords
→ How can we make generated passphrases more attractive?
5. IMPROVING PHRASES: SHOW ALTERNATIVES
Challenges of suggesting passphrases:
Unattractive word combinations, e.g. Girth-Infix-Thine-Propyl
Users mistrust password suggestions, especially if they “look insecure”
→ How can we highlight the benefits and convince users of passphrase security?
→ Use password meters and the decoy effect
astley123
Tr0ub4dor&3
CorrectHorseBatteryStaple
6. THEORETICAL BACKGROUND & CONCEPT DEVELOPMENT
7. PERSUASION & NUDGING
Password meters and feedback: Shay et al., CHI 2015
Suggestion and guidance (examples from Yahoo, Dropbox, eBay, tumblr)
8. THE DECOY EFFECT - EXAMPLE
Two options: 328€ and 799€
9.–11. THE DECOY EFFECT - EXAMPLE (build-up slides)
Three options: 328€, 799€ and 1799€
Competitor: low quality, low price (328€)
Target: high quality, higher price (799€)
Decoy: high quality, highest price (1799€)
12. RESEARCH QUESTIONS
RQ1: Can we make suggested passwords more attractive with the decoy effect?
RQ2: Do password-suggestions influence self-selected passwords?
RQ3: How is password memorability affected by suggesting random passwords?
13. CONCEPT
Choice architecture revolves around suggesting alternatives
Competitor: self-selected password
Target: passphrase (highest strength)
Decoy: mangled dictionary word (high strength)
CorrectHorseBatteryStaple
Tr0ub4Dor&8
14. STRENGTH VS EFFORT
[Chart: strength and effort rated on a 1–5 scale for Competitor, Target (CorrectHorseBatteryStaple) and Decoy (Tr0ub4Dor&8)]
16. STUDY DESIGN
Between-groups design with four conditions:
Control: no suggestions
Words: passphrase of 4 dictionary words
Mangled: mangled dictionary word + special character + digits
Decoy: both the passphrase and the mangled password
Two study sessions:
Session 1: password selection, qualitative feedback
Session 2: memorability, qualitative feedback
Conducted online with the crowdsourcing platform Prolific.ac
21. SAMPLE & DEMOGRAPHICS
N = 83 valid responses from both sessions (35 female participants)
Recruited only in the USA (58%) and the UK (42%)
Average age 30 years (SD = 10, range 18–61)
78% employed, 12% students, 10% unemployed
Group distribution:
Control: 18 | Words: 24 | Mangled: 21 | Decoy: 20
22. MEASUREMENTS
Passwords were not collected in plain text
Strength estimation: zxcvbn algorithm (D. Wheeler, USENIX Security ’16)
  estimated guesses for sophisticated attackers
  strength score (0–4)
  length
  counts of uppercase, lowercase, digits, special characters
Qualitative feedback and self-assessment
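As an added example (not code from the study or its authors), the Python sketch below shows how the two suggestion types of the study design (Words and Mangled) could be generated and how only the measured features, never the plaintext, would be recorded. The word list, the leet substitution map and the two-digit suffix are assumptions of this example.

```python
import secrets
import string

# Constructed sample word list; the study drew from a real dictionary.
WORDS = ["correct", "horse", "battery", "staple", "cloud", "river",
         "silver", "planet", "candle", "window", "garden", "rocket"]
# Assumed leet-style substitutions used to "mangle" a word (Tr0ub4Dor style).
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}


def suggest_passphrase(rng=secrets, n_words=4):
    """Words condition: n capitalised dictionary words joined together.
    rng only needs a choice() method; secrets is used for real suggestions."""
    return "".join(rng.choice(WORDS).capitalize() for _ in range(n_words))


def suggest_mangled(rng=secrets):
    """Mangled condition: leet-substituted dictionary word, one special
    character and (assumed) two digits, as in the study's decoy design."""
    word = rng.choice(WORDS)
    mangled = "".join(LEET.get(c, c) for c in word).capitalize()
    special = rng.choice("!&$%#?")
    digits = "".join(rng.choice(string.digits) for _ in range(2))
    return mangled + special + digits


def password_features(pw):
    """The per-password measurements the study recorded instead of the
    plaintext: length and character-class counts (zxcvbn scoring omitted)."""
    return {
        "length": len(pw),
        "upper": sum(c.isupper() for c in pw),
        "lower": sum(c.islower() for c in pw),
        "digits": sum(c.isdigit() for c in pw),
        "special": sum(not c.isalnum() for c in pw),
    }


if __name__ == "__main__":
    for pw in (suggest_passphrase(), suggest_mangled()):
        print(pw, password_features(pw))
```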
24. SUGGESTION ATTRACTIVENESS
9 respondents (14%) accepted a suggestion (4 in Words, 2 in Mangled, 3 in Decoy)
Main reason for declining: lack of personalization
Memorability results:
Generally low performance for all participants (40% overall success rate)
1 of the 9 respondents who accepted a suggestion was able to recall the mangled password
25. INFLUENCE ON PASSWORD GUESSABILITY
[Plot: pairwise differences in estimated guessability between conditions (Mangled−Control, Words−Control, Words−Mangled, Decoy−Control, Decoy−Mangled, Decoy−Words) on a −5 to 5 scale; markers distinguish p<0.05 from non-significant differences]
27. POLICY CLASSIFICATION
[Chart: share of passwords (0–100%) classified as meeting a Basic vs a Complex policy, per condition (Control, Mangled, Words, Decoy)]
30. SUGGESTION REJECTED, YET INFLUENCED
Participants were influenced by the suggestions:
The passphrase nudged participants to lengthen their own password.
The mangled password nudged them to fulfill complex policies.
The decoy effect did not make suggestions more attractive.
Implications:
Display one suggestion during password creation instead of two.
Use context to decide which suggestion to display.
31. BASELINE STRENGTHS WERE VERY HIGH
72% created a “strong” password.
Passwords in all conditions were estimated to be stronger than those found in leaked data.
Implications:
Only display suggestions when necessary.
Evaluate our nudging approach in the wild to validate the effect.
33. TAKE HOME MESSAGES
- The presence of a suggestion can have an influence on self-selected passwords.
- Suggest one password and provide feed-forward to the user (“Here’s a strong password for you: ...”).
- The decoy effect does not translate to passwords directly.
- Other disciplines can inspire concepts and produce unanticipated results.
34. THANKS!
Tobias Seitz, Emanuel von Zezschwitz, Stefanie Meitner, and Heinrich Hussmann
tobias.seitz@ifi.lmu.de - @TbsStz
35. REFERENCES
1. Morrie Gasser. 1975. A Random Word Generator for Pronounceable Passwords. Bedford, Massachusetts. Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA017676
2. Marjan Ghazvininejad and Kevin Knight. 2015. How to Memorize a Random 60-Bit String.
3. Richard Shay, Patrick Gage Kelley, Saranga Komanduri, et al. 2012. Correct Horse Battery Staple. Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12), ACM, 1–20. http://doi.org/10.1145/2335356.2335366
4. Daniel Lowe Wheeler. zxcvbn: Low-Budget Password Strength Estimation. To appear in: Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), USENIX Association, 17 pages.
36. REFERENCES
5. Seitz, T., von Zezschwitz, E., Meitner, S., & Hussmann, H. (2016). Influencing Self-selected Passwords Through Suggestions and the Decoy Effect. In Proceedings of the EuroUSEC Workshop, Internet Society, Darmstadt. 8 pages.
6. Shay, R., Komanduri, S., Durity, A. L., Huh, P. S., Mazurek, M. L., Segreti, S. M., … Cranor, L. F. (2014). Can Long Passwords Be Secure and Usable? In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’14). http://doi.org/10.1145/2556288.2557377