Users’ Perceptions of Password Security Don’t Always Match Reality

For example, study participants expected ieatkale88 to be roughly as secure as iloveyou88; one said “both are a combination of dictionary words and are appended by numbers.” However, when the researchers used a model to predict the number of guesses an attacker would need to crack each password, ieatkale88 would require four billion times more guesses, because the string “iloveyou” is one of the most common in passwords.

Participants, on average, also believed that any password containing numbers and symbols was a strong password, which is not always true. For example, p@ssw0rd was thought to be more secure than pAsswOrd, but the researchers’ attacker model predicted that it would take 4,000 times more guesses to crack pAsswOrd than p@ssw0rd. Modern password-cracking tools treat replacing letters with numbers or symbols as a predictable, cheap transformation, so the substitution adds far less strength than users assume.
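A toy guess-number estimator, added here as an illustration and not part of the original article or of the researchers' model: it enumerates guesses the way a rule-based cracker does (a ranked wordlist, then cheap mangling rules, then expensive ones) and reports the position at which each of the passwords discussed above is reached. The wordlist, the rule ordering, the leet table and the brute-force fallback are all assumptions made for this example; the numbers it prints show the ordering effect, not the study's figures.

```python
"""Toy guess-number estimator in the style of rule-based password cracking.

Everything here is constructed for illustration: the wordlist, the rule
stages and their order, and the brute-force fallback. It is not the
attacker model used in the study.
"""
import itertools

# Constructed, frequency-ordered wordlist standing in for a leaked-password
# dictionary (assumption: most common entries first).
WORDLIST = ["123456", "password", "iloveyou", "qwerty", "monkey",
            "letmein", "dragon", "sunshine", "princess", "football"]

# Letter-to-symbol substitutions that every common cracking ruleset includes
# (assumed table; real rulesets carry more).
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$", "t": "7"}


def leet_variants(word):
    """Yield leet-speak variants of word, fewest substitutions first."""
    slots = [i for i, ch in enumerate(word) if ch in LEET]
    for k in range(1, len(slots) + 1):
        for combo in itertools.combinations(slots, k):
            chars = list(word)
            for i in combo:
                chars[i] = LEET[chars[i]]
            yield "".join(chars)


def case_variants(word):
    """Yield every case-toggle variant of word, fewest toggled letters first.

    There are 2**n - 1 of them for n letters, which is why arbitrary
    mid-word capitalisation is costly for an attacker to enumerate.
    """
    slots = [i for i, ch in enumerate(word) if ch.isalpha()]
    for k in range(1, len(slots) + 1):
        for combo in itertools.combinations(slots, k):
            chars = list(word)
            for i in combo:
                chars[i] = chars[i].swapcase()
            yield "".join(chars)


def generate_guesses(wordlist=WORDLIST):
    """Enumerate guesses in the attacker's order, without repeats.

    The stage order is the assumption that encodes what the attacker has
    learned from leaked data: cheap, common mangles (capitalisation, leet)
    run before digit suffixes, and arbitrary case toggling runs last.
    """
    seen = set()

    def emit(g):
        if g in seen:
            return False
        seen.add(g)
        return True

    for w in wordlist:                      # stage 1: bare words by rank
        if emit(w):
            yield w
    for w in wordlist:                      # stage 2: cheap, common mangles
        for v in (w.capitalize(), w.upper(), *leet_variants(w)):
            if emit(v):
                yield v
    for w in wordlist:                      # stage 3: two-digit suffixes
        for n in range(100):
            v = f"{w}{n}"
            if emit(v):
                yield v
    for w in wordlist:                      # stage 4: arbitrary case toggles
        for v in case_variants(w):
            if emit(v):
                yield v


def dictionary_guess_number(target, wordlist=WORDLIST):
    """1-based position of target in the guess order, or None if the
    rule-based attacker never produces it."""
    for i, g in enumerate(generate_guesses(wordlist), start=1):
        if g == target:
            return i
    return None


def brute_force_bound(target):
    """Crude fallback: size of the smallest character-class alphabet that
    contains the password, raised to its length. An upper bound, not a
    trained model."""
    size = 0
    if any(c.islower() for c in target):
        size += 26
    if any(c.isupper() for c in target):
        size += 26
    if any(c.isdigit() for c in target):
        size += 10
    if any(not c.isalnum() for c in target):
        size += 33                          # printable ASCII symbols incl. space
    return size ** len(target)


def guess_number(target, wordlist=WORDLIST):
    """Estimated guesses to reach target: its dictionary position when the
    rules reach it, otherwise the brute-force bound."""
    n = dictionary_guess_number(target, wordlist)
    return n if n is not None else brute_force_bound(target)


if __name__ == "__main__":
    for a, b in (("p@ssw0rd", "pAsswOrd"), ("iloveyou88", "ieatkale88")):
        ga, gb = guess_number(a), guess_number(b)
        print(f"{a}: {ga:,} guesses   {b}: {gb:,} guesses   ratio {gb / ga:,.0f}x")
```

Under this ordering p@ssw0rd falls in the first few dozen guesses because leet substitution is a standard early rule stage, while pAsswOrd waits behind every digit-suffix guess and then behind the 2**n case-toggle expansion of "password". ieatkale88 is never produced from the dictionary at all, so the estimator drops to the brute-force bound; a trained model such as the study's would do better than that bound, but the point survives: a rare base word costs the attacker far more than a common one dressed up with digits.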
