A Large-Scale Study of Web Password Habits

Dinei Florencio and Cormac Herley

Abstract

We report the results of a large scale study of password use and password re-use habits. The study involved half a million users over a three month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.

Details

Publication typeInproceedings
Published inProceedings of the 16th international conference on the World Wide Web
Pages657-666
PublisherAssociation for Computing Machinery, Inc.
> Publications > A Large-Scale Study of Web Password Habits