4

Are there any academic articles on how people handle their passwords - how many they use in total, how often they change them, whether they commonly store them somewhere or just remember them and so forth?

ThePiachu

5 Answers

3

Microsoft Research: A large scale study on password habits

http://research.microsoft.com/apps/pubs/?id=74164

Or google "password user habits" for examples.

twobeers
1

This is not exactly about password management; it focuses on password creation. I thought that you could find it useful anyway: http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf

user1301428
1

There is quite a lot of academic work in the area of password selection. Prominent papers include:

Yan et al. 2000, Kuo et al. 2006 and Bonneau and Preibusch 2010

Joseph Bonneau from Cambridge University has done a lot of work in this area, including the final paper above and http://www.cl.cam.ac.uk/~jcb82/doc/BS12-USEC-passphrase_linguistics.pdf. He is a regular contributor to the Cambridge University Computer Laboratory Security Research blog, which is a good source for papers on passwords and proposals for replacing them.

Bell
1

The book Security and Usability by Garfinkel and Cranor has relevant chapters from researchers in the field:

  • Chapter 1: Psychological Acceptability Revisited investigates the effort investment that passwords, patching etc. require, and how much investment can be requested before people give up and try to subvert the system.
  • Chapter 6: Evaluating Authentication Mechanisms looks at the more general field of investigating the usability of authentication techniques.
  • Chapter 7: The Memorability and Security of Passwords is probably exactly what you want ;-)
  • Chapter 9: Graphical Passwords investigates that alternative.
-3

You should probably get a good hash function and you can just store it on a database, because a good enough hashed password will tell you no information about your password. Also, attempted passwords, you can count that, but the other information seems irrelevant IMO.

Peter P
    The question is more about statistics on how users handle their passwords - how many of them use one password everywhere, how many of them vary it and so forth – ThePiachu May 23 '12 at 05:15