ITL- Usability of Passwords

NIST Generic Clearance for Usability Data Collections

0693-0043password_survey_personal_April10 2014

ITL- Usability of Passwords

OMB: 0693-0043

Document [docx]
Download: docx | pdf

Personal Password Usability Survey

This collection of information contains Paperwork Reduction Act (PRA) requirements approved by the Office of Management and Budget (OMB). Notwithstanding any other provisions of the law, no person is required to respond to, nor shall any person be subject to a penalty for failure to comply with, a collection of information subject to the requirements of the PRA unless that collection of information displays a currently valid OMB control number. Public reporting burden for this collection is estimated to be 30 minutes per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed and completing and reviewing the collection of information. Send comments regarding this burden estimate or any aspect of this collection of information, including suggestions for reducing this burden, to the National Institute of Standards and Technology, Attn: Mary Theofanos, NIST Information Technology Laboratory, 100 Bureau Drive, MS 8940, Gaithersburg, MD, 20899-8940; email: mary.theofanos@nist.gov; telephone: 301-975-5889

OMB Control No. 0693-0043

Expiration Date: 10-31-2016


The usability scientists are conducting an independent research project on password usability. Passwords are the source of many cartoons and office jokes. These cartoons and jokes are not based on good scientific data but rather on anecdotal evidence.

This survey asks questions about accounts and passwords that you use personally, outside of your work. We don’t want your actual passwords. We do want to understand:

- how many personal accounts and passwords you have

- what strategies you use to create and manage your passwords

- your opinions on the password requirements for those accounts.

Your input will help us to provide a sound scientific basis that can inform password policies in the future. The results of this survey will be used to improve the usability of passwords and the login process. Thank you for your help!

Taking the survey is completely voluntary and anonymous. No personally identifiable information will be collected.

It takes about 30 minutes to complete the survey.

Please use the “Next” or “Back” button at the bottom of each page to navigate within the survey.

All questions are optional.

About your personal accounts

Before you begin, please think about all of your personal, not work-related, accounts (including computers) that require logins.

1. Do you have personal accounts in the categories listed below that require a password? If yes, enter the number of accounts in that category and select how often you use those accounts; if no, select “Never.”

Number of accounts

Several times a day

About once a day

Several times a week

About once a week

Several times a month

Several times a year

Never

Email

______

Personal computers requiring passwords

______

Mobile devices requiring passwords (e.g., smartphones, tablets)

______

Social Networks (e.g., Facebook, MySpace, Twitter)

______

Online Chat/Instant Messaging

______

Banking online

______

Bill payment online

______

Shopping online

______

Financial management online (e.g. investment, 401K)

______

Healthcare management online (e.g. health insurance, Medicare)

______

Classifieds/auctions online (e.g. Craigslist, ebay)

______

Entertainment online (e.g. music, videos/movies)

______

Games online

______

News online

______


If you have other personal accounts not listed above, please describe the nature of the account(s): _________________

2. How often do you use the same password for different personal accounts?

  • Never or almost never

  • Less than half of the time

  • About half of the time

  • More than half of the time

  • Always or almost always

Comments: _________________

Questions about Passwords for Personal Email

3. How many personal email accounts do you have? _____

4. What strategies do you use to create the passwords of your personal email accounts? (check all that apply)

  • Create from a password root, where a few characters are always the same (e.g., 2PwdRt&, PwdRt42%, or tXpwdRT@)

  • Let system assign password

  • Make minor change(s) to an existing password (e.g., %elvis1, #elvis2, or $elvis3)

  • Recycle old passwords (e.g., old passwords that are not in current password history)

  • Use a common name, word, or phrase (e.g., Boston12)

  • Use a meaningful or pronounceable mnemonic (e.g., 2beOrnOt@toBee from “to be or not to be”)

  • Use a random combination of words, letters, or characters

  • Use character repetitions (e.g. !!!AAAbbb999)

  • Use existing passwords from other accounts

  • Other –describe strategies generically. Do not provide an example of an actual password or enough information to guess your password ______________

5. How important are these considerations to you when you create the password of a personal email account?

Not at all Important

Only a little Important

Somewhat Important

Very Important

Easy to enter/type

Easy to remember

Strong, i.e., hard to guess/crack

Synchronized with passwords for other accounts

Compliant with the password requirements

Comments: _________________

6. How do you keep track of the passwords of your personal email accounts? (check all that apply)

  • Memorize the passwords

  • Let browser/computer auto-fill

  • Use mnemonics, e.g. meaningful or pronounceable phrase

  • Rely on hints provided by the computer

  • Do not track, use “forgot password” feature

  • Share with someone (e.g., a family member or friend)

  • Write entire password down on paper and place in a non-locked location

  • Write entire password down on paper and store securely in a locked location

  • Write down on paper, but disguise in some way (e.g. only write down the common word without the special characters)

  • Save in a document/file, protected with encryption or password

  • Save in a document/file, not protected (i.e. without encryption or password)

  • Use password management software

  • Store in unencrypted electronic devices, e.g., USB key, PDA, cell phone, etc.

  • Store in encrypted electronic devices, e.g. BlackBerry

  • Other – please describe _________________

7. In your opinion, how secure are the passwords of your personal email accounts?

  • Not at all secure, i.e. very easy to guess/crack

  • Slightly secure

  • Moderately secure

  • Very secure

  • Completely secure, i.e. extremely hard to guess/crack

  • Don’t know

8. In general, what do you think of the password requirements for your personal email accounts?

(e.g., password length, use of special characters, password expiration, etc.)

  1. Password length - minimum number of characters required

  • Too short

  • About right

  • Too long

  • Don’t know/No opinion


In your opinion, what should the length of your personal email passwords be? (e.g. , 6, 8, or 12 characters, etc.) _________________


  1. Complexity of the password requirements – combination of letters, numbers, and special characters

  • Too complex

  • About right

  • Too simple

  • Don’t know/No opinion

Comments: _________________


  1. Password expiration- how often do you need to change the passwords of your personal email accounts?

  • 30 days or less

  • 31 - 60 days

  • 61 - 90 days

  • 91 - 120 days

  • 121 - 180 days

  • 181 days or more

  • Change only as needed (e.g., new accounts, or accounts hacked, etc.)



In your opinion, how many days, weeks, or months should a personal email password last before it expires and you have to change it? _________________

9. What consequences, do you think, would there be if the passwords of your personal email accounts were compromised?

__________________________________________________________________________

Questions about Passwords for Personal Computers requiring passwords

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Mobile devices requiring passwords

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Social Networks

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Online Chat/Instant Messaging

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Banking Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Bill Payment Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Shopping Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Financial management Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Healthcare management Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Classifieds/Auctions Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Entertainment Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for Games Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)

Questions about Passwords for News Online

(only appears if the respondent checks the associated account type in Q1 on the 1st page; same questions as in Email accounts, but tailored to this account type.)



Questions about Login Problems with your Personal Accounts

10. In the past 6 months, how much frustration and time have these problems caused you?

a. Frustration with login problems

None

A little

Some

A lot

Forgetting your User name or ID

Forgetting your password

Forgetting your PIN

Forgetting which password goes with which account

Getting locked out of an account

Mistyping a password

Getting error messages when trying to change a password

Getting error messages when trying to recover a password

Dealing with slow or unhelpful system support

Valid password rejected for unclear reason

Other, please describe below


If “Other”, describe problem(s): ___________________

b. Time Wasted on login problems

None

A little

Some

A lot

Forgetting your User name or ID

Forgetting your password

Forgetting your PIN

Forgetting which password goes with which account

Getting locked out of an account

Mistyping a password

Getting error messages when trying to change a password

Getting error messages when trying to recover a password

Dealing with slow or unhelpful system support

Valid password rejected for unclear reason

Other, please describe below


If “Other”, describe problem(s): ___________________



Usability and Cyber Security

11. Tell us about any overall strategy you use to manage your passwords for different personal accounts.

(An example of such strategy is to have 3 passwords with different security levels: a strong password for accounts with great importance to you; a medium-strength password for less important accounts; and a low-strength password for accounts that are more casual.)

__________________________________________________________________________


12. How do you feel about the amount of effort it takes you to create and manage passwords to do what you want to do online?

__________________________________________________________________________


13. The last time you had difficulty creating a password, what happened? What caused the problem? What did you end up doing? 

(We don't want to know the password you were trying to create, we just want to know what happened.)

__________________________________________________________________________

13a. For the situation you just described, how typical is that? How many times would you say this has happened in the last 6 months?

__________________________________________________________________________ 

14. Have you ever had training about online security?

  • Yes

  • No

  • Don’t know

14a. If yes, how useful is the training in helping to protect you when performing online activities?

  • Not at all useful

  • A little useful

  • Somewhat useful

  • Very useful


Comments: ___________________________

15. What would be the ideal login process for you with your personal accounts?

_________________________________________________________________________

Demographic Information


1. Gender:


  • Male

  • Female

2. Age:

  • 25 and under

  • 26-35

  • 36-45

  • 46-55

  • 56-65

  • 66 and above

3. Highest education (degree/level attained):

  • High school or equivalent

  • Associate degree

  • Bachelor’s degree

  • Master’s degree (e.g. MS, MA, etc.)

  • Doctoral degree (e.g. PhD)

  • Professional degree (e.g. MD, JD, etc.)

  • Other

If Other, please specify ______________

4. Occupation:

  • Accounting/Finance/Insurance

  • Administrative/Clerical

  • Banking/Real Estate/Mortgage Professionals

  • Biotech/R&D/Science

  • Building Construction/Skilled Trades

  • Business/Strategic Management

  • Creative/Design

  • Customer support/Client care

  • Editorial/Writing

  • Education/Training

  • Engineering

  • Food Services/Hospitality

  • Homemaking

  • Human Resources

  • IT/Software Development

  • Installation/Maintenance/Repair

  • Legal

  • Logistics/Transportation

  • Manufacturing/Production/Operations

  • Marketing/Product

  • Medical/Health

  • Project/Program Management

  • Quality Assurance/Safety

  • Retired

  • Sales/Retail/Business Development

  • Security/Protective Services

  • Unemployed

  • (Other)


If Other, please specify ______________

5. Your level of experience using computers:

  • Novice

  • Average

  • Advanced

  • Expert



Thank you for taking our survey. Your response is very important to us.
If you are interested in future research on password usability, please contact us at dana@usabilityworks.net

This research is a cooperative agreement sponsored by the National Institute of Standards and Technology (NIST).

04/10/2014

File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorChoong
File Modified0000-00-00
File Created2021-01-30
© 2025 OMB.report | Privacy Policy