TY - GEN
T1 - Understanding How People Share Passwords
AU - Moh, Phoebe
AU - Yang, Andrew
AU - Malkin, Nathan
AU - Mazurek, Michelle L.
N1 - Publisher Copyright:
Copyright is held by the author/owner.
PY - 2024
Y1 - 2024
N2 - Many systems are built around the assumption that one account corresponds to one user. Likewise, password creation and management is often studied in the context of single-user accounts. However, account and credential sharing is commonplace, and password generation has not been thoroughly investigated in accounts shared among multiple users. We examine account sharing behaviors, as well as strategies and motivations for creating shared passwords, through a census-representative survey of U.S. users (n = 300). We found that password creation for shared accounts tends to be an individual, rather than collaborative, process. While users tend to have broadly similar password creation strategies and goals for both their personal and shared accounts, they sometimes make security concessions in order to improve password usability and account accessibility in shared accounts. Password reuse is common among accounts collectively shared within a group, and almost a third of our participants either directly reuse or reuse a variant of a personal account password on a shared account. Based on our findings, we make recommendations for developers to facilitate safe sharing practices.
AB - Many systems are built around the assumption that one account corresponds to one user. Likewise, password creation and management is often studied in the context of single-user accounts. However, account and credential sharing is commonplace, and password generation has not been thoroughly investigated in accounts shared among multiple users. We examine account sharing behaviors, as well as strategies and motivations for creating shared passwords, through a census-representative survey of U.S. users (n = 300). We found that password creation for shared accounts tends to be an individual, rather than collaborative, process. While users tend to have broadly similar password creation strategies and goals for both their personal and shared accounts, they sometimes make security concessions in order to improve password usability and account accessibility in shared accounts. Password reuse is common among accounts collectively shared within a group, and almost a third of our participants either directly reuse or reuse a variant of a personal account password on a shared account. Based on our findings, we make recommendations for developers to facilitate safe sharing practices.
UR - http://www.scopus.com/inward/record.url?scp=85204873364&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85204873364&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85204873364
T3 - Proceedings of the 20th Symposium on Usable Privacy and Security, SOUPS 2024
SP - 219
EP - 237
BT - Proceedings of the 20th Symposium on Usable Privacy and Security, SOUPS 2024
PB - USENIX Association
T2 - 20th Symposium on Usable Privacy and Security, SOUPS 2024
Y2 - 12 August 2024 through 13 August 2024
ER -