Password management strategies for online accounts

Shirley Gaw, Edward W. Felten

Research output: Chapter in Book/Report/Conference proceedingConference contribution

198 Scopus citations


Given the widespread use of password authentication in online correspondence, subscription services, and shopping, there is growing concern about identity theft. When people reuse their passwords across multiple accounts, they increase their vulnerability; compromising one password can help an attacker take over several accounts. Our study of 49 undergraduates quantifies how many passwords they had and how often they reused these passwords. The majority of users had three or fewer passwords and passwords were reused twice. Furthermore, over time, password reuse rates increased because people accumulated more accounts but did not create more passwords. Users justified their habits. While they wanted to protect financial data and personal communication, reusing passwords made passwords easier to manage. Users visualized threats from human attackers, particularly viewing those close to them as the most motivated and able attackers; however, participants did not separate the human attackers from their potentially automated tools. They sometimes failed to realize that personalized passwords such as phone numbers can be cracked given a large enough dictionary and enough tries. We discuss how current systems support poor password practices. We also present potential changes in website authentication systems and password managers.

Original languageEnglish (US)
Title of host publicationACM International Conference Proceeding Series - Proceedings of the Second Symposium on Usable Privacy and Security, SOUPS 2006
Number of pages12
StatePublished - 2006
Event2nd Symposium on Usable Privacy and Security, SOUPS 2006 - Pittsburgh, PA, United States
Duration: Jul 12 2006Jul 14 2006

Publication series

NameACM International Conference Proceeding Series


Other2nd Symposium on Usable Privacy and Security, SOUPS 2006
Country/TerritoryUnited States
CityPittsburgh, PA

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


  • Password
  • Security
  • Survey
  • User behavior


Dive into the research topics of 'Password management strategies for online accounts'. Together they form a unique fingerprint.

Cite this