000000316 001__ 316
000000316 005__ 20170307110042.0
000000316 037__ $$aLERSSE-RefConfPaper-2017-002
000000316 100__ $$aJun Ho Huh
000000316 245__ $$aI’m too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails
000000316 260__ $$c2017-03-07
000000316 300__ $$a5
000000316 520__ $$aA common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.
000000316 700__ $$aHyoungshick Kim
000000316 700__ $$aSwathi S.V.P. Rayala
000000316 700__ $$aRakesh B. Bobba
000000316 700__ $$aKonstantin Beznosov
000000316 8560_ $$flersse-it@ece.ubc.ca
000000316 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/316/files/CHI-17_huh_paper.pdf
000000316 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/316/files/CHI-17_huh_paper.pdf?subformat=pdfa$$xpdfa
000000316 909C4 $$pJ. H. Huh, H. Kim, S. S. V. Rayala, R. B. Bobba, K. Beznosov, “I’m too busy to reset my LinkedIn password: On the effectiveness of password reset emails,” to appear in Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), 2017, 5 pages.
000000316 980__ $$aRefConfPaper