Seminar: Helping Users Create Better Passwords

Date: October 29, 2012
Talk Title: Helping Users Create Better Passwords
Speaker: Lujo Bauer
Time & Location: 12:00pm - 1:00pm, CIC Building, Pittsburgh


Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers' capabilities to perform password cracking. In response to this threat, password composition policies have grown increasingly complex. In this talk, I will first review our earlier results on the security and usability of different password-composition policies, and of metrics for quantifying password security.

I will then discuss two more recent studies of passwords. In one, we take a look at passphrases, which have been suggested as secure and usable for decades. Through empirical investigation, we seek to determine whether passphrases are or can be the panacea for user authentication. (Spoiler: probably not.) In the second study, we focus on password-strength meters. These visual indicators of password strength are commonly used in the hope of nudging users to create better passwords, but their effects on the security and usability of passwords have not been well understood. Our work seeks to empirically determine these effects, as well as to shed light on which elements of password-meter design are important.

Lujo Bauer is an Assistant Research Professor in CyLab and the Electrical and Computer Engineering Department at Carnegie Mellon University. Lujo's research interests span many areas of computer security, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system.