I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails

Jun Ho Huh; Hyoungshick Kim; Swathi S.V.P. Rayala; Rakesh B. Bobba; Konstantin Beznosov

doi:10.1145/3025453.3025788

I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails

Jun Ho Huh
, Hyoungshick Kim
, Swathi S.V.P. Rayala
, Rakesh B. Bobba
, Konstantin Beznosov

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

20 Scopus citations

Abstract

A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.

Original language	English
Title of host publication	CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems
Subtitle of host publication	Explore, Innovate, Inspire
Publisher	Association for Computing Machinery
Pages	387-391
Number of pages	5
ISBN (Electronic)	9781450346559
DOIs	https://doi.org/10.1145/3025453.3025788
State	Published - 2 May 2017
Event	2017 ACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2017 - Denver, United States Duration: 6 May 2017 → 11 May 2017

Publication series

Name	Conference on Human Factors in Computing Systems - Proceedings
Volume	2017-May

Conference

Conference	2017 ACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2017
Country/Territory	United States
City	Denver
Period	6/05/17 → 11/05/17

Keywords

LinkedIn
Password breach
Password reset
Reset email

Access to Document

10.1145/3025453.3025788

Cite this

Huh, J. H., Kim, H., Rayala, S. S. V. P., Bobba, R. B., & Beznosov, K. (2017). I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails. In CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems: Explore, Innovate, Inspire (pp. 387-391). (Conference on Human Factors in Computing Systems - Proceedings; Vol. 2017-May). Association for Computing Machinery. https://doi.org/10.1145/3025453.3025788

Huh, Jun Ho ; Kim, Hyoungshick ; Rayala, Swathi S.V.P. et al. / I'm too busy to reset my LinkedIn password : On the effectiveness of password reset emails. CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems: Explore, Innovate, Inspire. Association for Computing Machinery, 2017. pp. 387-391 (Conference on Human Factors in Computing Systems - Proceedings).

@inproceedings{7a3585563790482b82cdb8c37ea51a39,

title = "I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails",

abstract = "A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46\% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.",

keywords = "LinkedIn, Password breach, Password reset, Reset email",

author = "Huh, \{Jun Ho\} and Hyoungshick Kim and Rayala, \{Swathi S.V.P.\} and Bobba, \{Rakesh B.\} and Konstantin Beznosov",

note = "Publisher Copyright: {\textcopyright} 2017 ACM.; 2017 ACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2017 ; Conference date: 06-05-2017 Through 11-05-2017",

year = "2017",

month = may,

day = "2",

doi = "10.1145/3025453.3025788",

language = "English",

series = "Conference on Human Factors in Computing Systems - Proceedings",

publisher = "Association for Computing Machinery",

pages = "387--391",

booktitle = "CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems",

}

Huh, JH, Kim, H, Rayala, SSVP, Bobba, RB & Beznosov, K 2017, I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails. in CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems: Explore, Innovate, Inspire. Conference on Human Factors in Computing Systems - Proceedings, vol. 2017-May, Association for Computing Machinery, pp. 387-391, 2017 ACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2017, Denver, United States, 6/05/17. https://doi.org/10.1145/3025453.3025788

I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails. / Huh, Jun Ho; Kim, Hyoungshick; Rayala, Swathi S.V.P. et al.
CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems: Explore, Innovate, Inspire. Association for Computing Machinery, 2017. p. 387-391 (Conference on Human Factors in Computing Systems - Proceedings; Vol. 2017-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - I'm too busy to reset my LinkedIn password

T2 - 2017 ACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2017

AU - Huh, Jun Ho

AU - Kim, Hyoungshick

AU - Rayala, Swathi S.V.P.

AU - Bobba, Rakesh B.

AU - Beznosov, Konstantin

PY - 2017/5/2

Y1 - 2017/5/2

N2 - A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.

AB - A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.

KW - LinkedIn

KW - Password breach

KW - Password reset

KW - Reset email

UR - https://www.scopus.com/pages/publications/85044864522

U2 - 10.1145/3025453.3025788

DO - 10.1145/3025453.3025788

M3 - Conference contribution

AN - SCOPUS:85044864522

T3 - Conference on Human Factors in Computing Systems - Proceedings

SP - 387

EP - 391

BT - CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems

PB - Association for Computing Machinery

Y2 - 6 May 2017 through 11 May 2017

ER -

Huh JH, Kim H, Rayala SSVP, Bobba RB, Beznosov K. I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails. In CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems: Explore, Innovate, Inspire. Association for Computing Machinery. 2017. p. 387-391. (Conference on Human Factors in Computing Systems - Proceedings). doi: 10.1145/3025453.3025788

I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this