DOI: 10.1145/3025453.3025788
research-article

I'm too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails

Published: 02 May 2017

Abstract

A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.

Supplementary Material

suppl.mov (pn2651p.mp4)
Supplemental video

    Published In

    CHI '17: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems
    May 2017
    7138 pages
    ISBN:9781450346559
    DOI:10.1145/3025453
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. linkedin
    2. password breach
    3. password reset
    4. reset email

    Qualifiers

    • Research-article

    Funding Sources

    • ITRC
    • NRFK
    • School of EECS, Oregon State University

    Conference

    CHI '17
    Acceptance Rates

    CHI '17 Paper Acceptance Rate 600 of 2,400 submissions, 25%;
    Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

    Article Metrics

    • Downloads (Last 12 months): 37
    • Downloads (Last 6 weeks): 0
    Reflects downloads up to 15 Jan 2025

    Cited By

    • (2024) Encouraging Users to Change Breached Passwords Using the Protection Motivation Theory. ACM Transactions on Computer-Human Interaction 31:5 (1-45). DOI: 10.1145/3689432. Online publication date: 30-Aug-2024
    • (2024) “Protect Me Tomorrow”: Commitment Nudges to Remedy Compromised Passwords. ACM Transactions on Computer-Human Interaction 31:5 (1-25). DOI: 10.1145/3689038. Online publication date: 16-Aug-2024
    • (2024) Understanding Users' Interaction with Login Notifications. Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems (1-17). DOI: 10.1145/3613904.3642823. Online publication date: 11-May-2024
    • (2024) Personalizing Privacy Protection With Individuals' Regulatory Focus: Would You Preserve or Enhance Your Information Privacy? Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems (1-17). DOI: 10.1145/3613904.3642640. Online publication date: 11-May-2024
    • (2023) Reviewing the Usability of Web Authentication Procedures: Comparing the Current Procedures of 20 Websites. Sustainability 15:14 (11043). DOI: 10.3390/su151411043. Online publication date: 14-Jul-2023
    • (2023) Interactions of Framing and Timing in Nudging Online Game Security. Computers and Security 124:C. DOI: 10.1016/j.cose.2022.102962. Online publication date: 8-Feb-2023
    • (2022) Users' perceptions of chrome's compromised credential notification. Proceedings of the Eighteenth USENIX Conference on Usable Privacy and Security (155-174). DOI: 10.5555/3563609.3563618. Online publication date: 8-Aug-2022
    • (2022) User Perceptions of Five-Word Passwords. Proceedings of the 38th Annual Computer Security Applications Conference (605-618). DOI: 10.1145/3564625.3567981. Online publication date: 5-Dec-2022
    • (2022) Your Behaviors Reveal What You Need. Computers and Security 122:C. DOI: 10.1016/j.cose.2022.102891. Online publication date: 1-Nov-2022
    • (2021) Investigating web service account remediation advice. Proceedings of the Seventeenth USENIX Conference on Usable Privacy and Security (359-376). DOI: 10.5555/3563572.3563591. Online publication date: 9-Aug-2021
