Encountering Stronger Password Requirements: User Attitudes and Behaviors
Text-based passwords are still the most commonly used authentication mechanism in information systems. The authors took advantage of a unique opportunity presented by a significant change in the Carnegie Mellon University (CMU) computing services password policy that required users to change their passwords. Through the survey of 470 CMU computer users, they collected data about behaviors and practices related to the use and creation of passwords. They also captured users' opinions about the new, stronger policy requirements. The analysis shows that, although most of the users were annoyed by the need to create a complex password, they believe that they are now more secure.