ITL-CSD- Password Generation Study

NIST Generic Clearance for Usability Data Collections

0693.0043-PasswordGenerationStudy-Post-Task-Questionnaire

ITL-CSD- Password Generation Study

OMB: 0693-0043

Document [docx]
Download: docx | pdf

National Institute of Standards and Technology (NIST)

Information Technology Laboratory (ITL)

Computer Security Division (CSD)

Password Generation Study Post-Task Questionnaire



About the Password Generation Study

  1. How would you rate the experience of generating passwords to satisfy the password requirements?




a. “password requirement set 1”


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



b. “password requirement set 2”


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



  1. How would you rate the strength (i.e., in protecting the account) of the password requirements?




a. “password requirement set 1”


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong




b. “password requirement set 2”


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong





  1. For the password you selected for “account type 1,” please rate:




a. The strength (i.e., in protecting the account) of the password


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong




b. The ease of remembering the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



c. The ease of typing the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



  1. For the password you selected for “account type 2,” please rate:





a. The strength (i.e., in protecting the account) of the password


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong





b. The ease of remembering the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



c. The ease of typing the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



  1. For the password you selected for “account type 3,” please rate:




a. The strength (i.e., in protecting the account) of the password


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong




b. The ease of remembering the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



c. The ease of typing the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



  1. For the password you selected for “account type 4,” please rate:




a. The strength (i.e., in protecting the account) of the password


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong




b. The ease of remembering the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



c. The ease of typing the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



  1. For the password you selected for a desktop computer, please rate:




a. The strength (i.e., in protecting the account) of the password


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong




b. The ease of remembering the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



c. The ease of typing the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



  1. For the password you selected for a mobile computing device, please rate:




a. The strength (i.e., in protecting the account) of the password


1

2

3

4

5

Very Weak

Weak

Neutral

Strong

Very Strong




b. The ease of remembering the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy



c. The ease of typing the password


1

2

3

4

5

Very Difficult

Difficult

Neutral

Easy

Very Easy




  1. What, if any strategies, did you use to generate the passwords in this study?


_________________________________________________________________





About yourself and your experience with passwords

  1. Gender:

  • Male

  • Female


  1. Age: ______ (in years)


  1. Highest education (degree/level attained):

  • High school or equivalent

  • Associate degree

  • Bachelor’s degree

  • Master’s degree (e.g. MS, MA, etc.)

  • Doctoral degree (e.g. PhD)

  • Professional degree (e.g. MD, JD, etc.)

  • (Other), please specify _____________________


  1. Occupation: _______________________



  1. Your level of experience using computers:

  • Novice

  • Average

  • Advanced

  • Expert


  1. Do you have personal accounts in the categories listed below that require a password? If yes, enter the number of accounts in that category and select how often you use those accounts.



Number of accounts

Several times a day

About once a day

Several times a week

About once a week

Several times a month

Several times a year

Email


Personal computers requiring passwords


Mobile devices requiring passwords (e.g., smartphones, tablets)


Social Networks (e.g., Facebook, MySpace, Twitter)


Online Chat/Instant Messaging


Banking online


Bill payment online


Shopping online


Financial management online (e.g. investment, 401K)


Healthcare management online (e.g. health insurance, Medicare)


Classifieds/auctions online (e.g. Craigslist, ebay)


Entertainment online (e.g. music, videos/movies)


Games online


News online



If you have other personal accounts not listed above, please describe the nature of the account(s): _______________________________


  1. How often do you use the same password for different personal accounts?

  • Never or almost never

  • Less than half of the time

  • About half of the time

  • More than half of the time

  • Always or almost always


  1. Tell us about any overall strategy you use to manage your passwords for different personal accounts.

(An example of such strategy is to have 3 passwords with different security levels: a strong password for accounts with great importance to you; a medium-strength password for less important accounts; and a low-strength password for accounts that are more casual.)

________________________________________________________________________


  1. What strategies do you use to create the passwords of your personal accounts? (check all that apply)

  • Create from a password root, where a few characters are always the same (e.g., 2PwdRt&, PwdRt42%, or tXpwdRT@)

  • Let system assign password

  • Make minor change(s) to an existing password (e.g., %elvis1, #elvis2, or $elvis3)

  • Recycle old passwords (e.g., old passwords that are not in current password history)

  • Use a common name, word, or phrase (e.g., Boston12)

  • Use a meaningful or pronounceable mnemonic (e.g., 2beOrnOt@toBee from “to be or not to be”)

  • Use a random combination of words, letters, or characters

  • Use character repetitions (e.g. !!!AAAbbb999)

  • Use existing passwords from other accounts

  • Other –describe strategies generically. Do not provide an example of an actual password or enough information to guess your password. ______________


  1. How important are these considerations to you when you create the password of a personal email account?


Not at all Important

Only a little Important

Somewhat Important

Very Important

Easy to enter/type

Easy to remember

Strong, i.e., hard to guess/crack

Synchronized with passwords for other accounts

Compliant with the password requirements


  1. How do you keep track of the passwords of your personal accounts? (check all that apply)

  • Memorize the passwords

  • Let browser/computer auto-fill

  • Use mnemonics, e.g. meaningful or pronounceable phrase

  • Rely on hints provided by the computer

  • Do not track, use “forgot password” feature

  • Share with someone (e.g., a family member or friend)

  • Write entire password down on paper and place in a non-locked location

  • Write entire password down on paper and store securely in a locked location

  • Write down on paper, but disguise in some way (e.g. only write down the common word without the special characters)

  • Save in a document/file, protected with encryption or password

  • Save in a document/file, not protected (i.e. without encryption or password)

  • Use password management software

  • Store in unencrypted electronic devices, e.g., USB key, PDA, cell phone, etc.

  • Store in encrypted electronic devices, e.g. BlackBerry

  • Other – please describe _________________




  1. In the past 6 months, how much frustration have these problems with your personal accounts caused you?



None

A little

Some

A lot

Forgetting your User name or ID

Forgetting your password

Forgetting your PIN

Forgetting which password goes with which account

Getting locked out of an account

Mistyping a password

Getting error messages when trying to change a password

Getting error messages when trying to recover a password

Dealing with slow or unhelpful system support

Valid password rejected for unclear reason

Other, please describe below

If “Other”, describe problem(s): ___________________


  1. In your opinion, how many characters long should personal account passwords be? Please give a whole number. _________________


  1. How do you feel about the amount of effort it takes you to create and manage passwords to do what you want to do online?



_________________________________________________________________________________





NOTE: This survey contains collection of information requirements subject to the Paperwork Reduction Act.  Notwithstanding any other provision of the law, no person is required to respond to, nor shall any person be subject to a penalty for failure to comply with, a collection of information subject to the requirements of the Paperwork Reduction Act, unless that collection of information displays a currently valid OMB control number.  The estimated response time for this survey is 25 minutes.  The response time includes the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information."  Send Comments regarding this estimate or any other aspects of this collection of information, including suggestions for reducing the length of this questionnaire, to the National Institute of Standards and Technology, Attn., Mary Theofanos, at mary.theofanos@nist.gov


OMB Control No. 0693-0043   Expiration Date: 3/31/2016 

15


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified0000-00-00
File Created2021-01-24

© 2024 OMB.report | Privacy Policy