Masters Theses

Date of Award

5-2023

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Science

Major Professor

Scott I. Ruoti

Committee Members

Scott I. Ruoti, Doowon Kim, Jinyuan Sun

Abstract

Having your account compromised can lead to serious complications in your life. One
way accounts become compromised is through the security risks associated with weak
passwords and reused passwords [22,23]. In this thesis, we seek to understand how
entering passwords on non-PC devices contributes to the problems of weak and reused
passwords. To do so, we conducted a survey that was distributed to people in the
the Western World. In our survey results, we found that users commented about
how the current password model was not created with a variety of device types in
mind, which created frustrations and complexity in the authentication process. We
also found that users will try to prioritize using the devices that are fast and the
ones they are familiar with. While users are most frequently authenticating using
keyboards and mice, and generally had a strong preference for physical devices, we
also found that touchscreen and mobile devices were the next most frequent device
used to authenticate. When authenticating on other devices, users listed a number
of frustrations like not having access to password managers and having to use arrow
keys to input passwords, which made the whole process slower and more complex.
Ultimately, these frustrations caused a majority of users to create intentionally weak
passwords so they could authenticate faster and it caused other users to simply refuse
to use the device or service. This shows that there are specific user needs that are not
being met when it comes to the current authentication scheme, and to rectify this,
we suggest a preliminary model for how password managers might better meet these
needs in the conclusion of this paper.

Download
Files over 3MB may be slow to open. For best results, right-click and select "save as..."

Share

COinS