Password Authentication Measurement Research

Exploring Implementation Decisions and Their Security, Privacy, and Usability Implications

Our Published Studies

Password Creation Policies

In this study, we conducted the largest evaluation of website password creation policies to date, assessing over 20K sites (∼135x more sites than prior work). Our results revealed the state of modern web password creation policies, and identified insecure policies deployed

Learn More
Password Login Policies

This study characterizes authentication policies and implementation decisions throughout the account login process, providing the most expansive survey of modern website login security to date. We inferred login policies on 18K to 359K websites, evaluating each stage of the login workflow

Learn More




Password Masking

This study empirically investigates the security and usability impact of password masking through a mixed-method evaluation involving over 200 surveyed participants and 600 user experiments on mobile and PC devices. It reveals misconceptions, assesses usability and security impacts, explores user preferences, and offers recommendations for effective use

Learn More




Policy Practices of Website Administrators

This study examines how web administrators develop and manage password policies, the factors influencing policy changes, and the challenges they face. Through an online survey and interviews with a range of US-based administrators, we identify key factors affecting policy decisions and barriers to modern guidelines

Learn More
Contact Us
We are researchers affiliated with the School of Cybersecurity and Privacy at Georgia Institute of Technology. Feel free to reach out to us!
Frank Li frankli@gatech.edu
Suood AlRoomi roomi@gatech.edu
Sena Sahin ssahin8@gatech.edu
Yuqi Hu yhu476@gatech.edu