Effects of Peer Feedback on Password Strength

Abstract

This thesis is a study on the effects of peer-feedback on a user’s password strength. Passwords are a common sight in everyday use of an average end user. Text-based passwords are heavily relied upon when it comes to user authentication employed in various account management scenarios. Most users do not pay attention to or understand the importance of creating a secure password. Lack of strong passwords means that it is the single most vulnerable point to gain unauthorized access to the resource as prior studies have uncovered that most passwords are significantly weak and hence, easy to crack. Consequently, exploring mechanisms which improve password security has been the main focus of a significant body of research. To this end, we introduced a peer-feedback password meter which shows how the strength of the user’s password compares to the strength of passwords used by other users. To achieve this goal, we conducted a user study where we asked users to create an account on a hypothetical website. The users were either shown a traditional password meter or a peer-feedback meter. Our findings suggest that when told to create a unique password, the peer-feedback password meter significantly increased the strength of the password as compared to a traditional password meter. This approach could potentially be one of the methods to encourage end users to create a stronger password.