I'm too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails

論文URL:http://dl.acm.org/citation.cfm?doid=3025453.3025788

論文アブストラクト:A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this security practice based on the password reset email that LinkedIn sent out around May 2016, and through an online survey conducted on 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords. The mean time taken to reset password was 26.3 days, revealing that a significant proportion of the participants reset their password a few weeks, or even months after first receiving the email. Our findings suggest that more effective persuasive measures need to be added to convince users to reset their password in a timely manner, and further reduce the risks associated with delaying password resets.

日本語のまとめ:

LinkedInのID/パスワードが流出したときユーザにパスワードリセットの要求メールを送ったが半数は無視され10日以上後で反応した人も多かった。理由は「忙しいから」が一番多かったが、そもそも気にしてない人も多かった。

(109文字)

発表スライド: