Liquid Media's Apps

Password Strength

My newfound interest in usable security has led me to Richard M. Conlan's Password UI Study. His work-in-progress paper describes a really neat password hint widget, which he's implemented in Java:

  • The control — this is the same old password / new password / confirm widget that you see on most sites and applications
  • Progress bar — gives some feedback on password quality with a progress bar
  • Smiley face — the bigger the smile, the better the password
  • Warning — Your password can be broken in 1 day/week/etc.

Of these, the smiley face is my favourite because it encourages the user. I find the warning, which opts to warn the user instead of encouraging them, a bit negative. The smiley is probably most appropriate in a web app where authentication is routine, and the user isn't protecting anything too valuable. The warning may be more appropriate in a banking/financial context where the user has a stake in his/her password strength.
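One way to drive the progress bar, the smiley and the warning from a single strength estimate, as an added example that is not taken from Conlan's paper or his Java implementation. The entropy heuristic, the guess rate, the 80-bit full-bar mark, the common-password list and the sample passwords are all assumptions chosen for illustration.

```javascript
// Added example: one estimate, three ways of presenting it to the user.
// Every constant below is an assumption, not a value from the paper.
const COMMON = new Set(["password", "123456", "qwerty", "letmein"]); // constructed sample list
const GUESSES_PER_SECOND = 1e10; // assumed offline guessing rate
const FULL_BAR_BITS = 80;        // assumed strength that fills the progress bar

// Rough entropy estimate: character-pool size times an effective length.
// This simple model overestimates human-chosen passwords; it is a sketch only.
function estimateBits(pw) {
  if (pw.length === 0 || COMMON.has(pw.toLowerCase())) return 0;
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33;
  // Cap length by distinct characters so "aaaaaaaa" is not rated like 8 random letters.
  const effectiveLength = Math.min(pw.length, new Set(pw).size * 2);
  return effectiveLength * Math.log2(pool);
}

// Turn bits into the "1 day/week/etc." wording used by the warning.
function crackTime(bits) {
  const seconds = Math.pow(2, bits - 1) / GUESSES_PER_SECOND; // half the space on average
  const units = [["year", 31536000], ["week", 604800], ["day", 86400],
                 ["hour", 3600], ["minute", 60]];
  for (const [name, size] of units) {
    if (seconds >= size) {
      const n = Math.floor(seconds / size);
      return n > 1000 ? "centuries" : `${n} ${name}${n === 1 ? "" : "s"}`;
    }
  }
  return "under a minute";
}

// The same estimate rendered as progress bar, smiley and warning.
function feedback(pw) {
  const bits = estimateBits(pw);
  const progress = Math.min(100, Math.round((bits / FULL_BAR_BITS) * 100));
  const smile = ["frown", "neutral", "smile", "grin"][Math.min(3, Math.floor(progress / 30))];
  const warning = `Your password can be broken in ${crackTime(bits)}.`;
  return { progress, smile, warning };
}

// Constructed sample inputs.
for (const pw of ["password", "aaaaaaaa", "Tr0ub4dor", "correct horse battery staple"]) {
  console.log(pw, feedback(pw));
}
```

The smiley and the progress bar only need the relative score, while the warning depends directly on the assumed guess rate, so it is the one output that changes if that assumption does.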

Tagged passwords and security.