Skip to main content

Human-Generated and Machine-Generated Ratings of Password Strength: What Do Users Trust More?

Alqahtani, Saeed Ibrahim, Li, Shujun, Yuan, Haiyue, Rusconi, Patrice (2020) Human-Generated and Machine-Generated Ratings of Password Strength: What Do Users Trust More? EAI Endorsed Transactions on Security and Safety, 18 (e1). ISSN 2032-9393. (doi:10.4108/eai.13-7-2018.162797) (KAR id:79945)

PDF Publisher pdf
Language: English

Click to download this file (1MB) Preview
[thumbnail of EAIETSS2020.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL:


Proactive password checkers have been widely used to persuade users to select stronger passwords by providing machine-generated strength ratings of passwords. If such ratings do not match human-generated ratings of human users, there can be a loss of trust in PPCs. In order to study the effectiveness of PPCs, it would be useful to investigate how human users perceive such machine- and human-generated ratings in terms of their trust, which has been rarely studied in the literature. To fill this gap, we report a large-scale crowdsourcing study with over 1,000 workers. The participants were asked to choose which of the two ratings they trusted more. The passwords were selected based on a survey of over 100 human password experts. The results revealed that participants exhibited four distinct behavioral patterns when the passwords were hidden, and many changed their behaviors significantly after the passwords were disclosed, suggesting their reported trust was influenced by their own judgments.

Item Type: Article
DOI/Identification number: 10.4108/eai.13-7-2018.162797
Projects: COMMANDO-HUMANS: COMputational modeling and Automatic Non-intrusive Detection Of HUMan behAviourbased iNSecurity
Uncontrolled keywords: Password strength, password meter, user perception, trust, human-generated, machine-generated, ratings
Subjects: B Philosophy. Psychology. Religion > BF Psychology
Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.9.H85 Human computer interaction
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Funders: Engineering and Physical Sciences Research Council (
Depositing User: Shujun Li
Date Deposited: 04 Feb 2020 19:32 UTC
Last Modified: 12 Jul 2022 10:41 UTC
Resource URI: (The current URI for this page, for reference purposes)
Li, Shujun:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.