I'm too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails

Cited by: 14
Authors
Huh, Jun Ho [1]
Kim, Hyoungshick [2]
Rayala, Swathi S. V. P. [3]
Bobba, Rakesh B. [3]
Beznosov, Konstantin [4]
Affiliations
[1] Honeywell ACS Labs, Seoul, South Korea
[2] Sungkyunkwan Univ, Seoul, South Korea
[3] Oregon State Univ, Corvallis, OR 97331 USA
[4] Univ British Columbia, Vancouver, BC, Canada
Keywords
Password reset; password breach; reset email; LinkedIn;
DOI
10.1145/3025453.3025788
Chinese Library Classification
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.
Pages: 387-391
Number of pages: 5