This paper describes the results of a study designed to compare perceptions and practices regarding password strength among college students. In particular, the study compares perceived and actual email password strengths of computer science majors with those of other majors, as well as attitudes regarding the importance of password safety. Based on existing literature on password strength measures, a simple algorithm is presented for evaluating password strength based on reported password characteristics. The results indicate that there exists a statistically significant difference between computer science majors and non-CS majors, but not between beginning and advanced computer science majors. In general, students' perceptions of their own password strengths are weakly correlated to the actual computed password strength.
[1]
Katha Chanda,et al.
Password Security: An Analysis of Password Strengths and Vulnerabilities
,
2016
.
[2]
Blase Ur,et al.
Measuring password guessability for an entire university
,
2013,
CCS.
[3]
Blase Ur,et al.
Designing Password Policies for Strength and Usability
,
2016,
ACM Trans. Inf. Syst. Secur..
[4]
Mohammad Mannan,et al.
A Large-Scale Evaluation of High-Impact Password Strength Meters
,
2015,
TSEC.
[5]
Larry Holt.
Increasing real-world security of user IDs and passwords
,
2011,
InfoSecCD.