By studying what computer users do wrong when they chose passwords -- and how hackers exploit those mistakes -- Neubauer Family Assistant Professor Blase Ur developed a new data-driven password "meter" to help create safer passwords. This week, that work received the IEEE Cybersecurity Award for Practice, recognizing work that has "generated transformative cybersecurity capabilities and concepts, advancing the field overall via new approaches, leadership, and solutions."
Ur shares the award with eight collaborators from Carnegie Mellon University: Lujo Bauer, Nicolas Christin, Lorrie Cranor, Saranga Komanduri, Michelle Mazurek, William Melicher, Sean Segreti, and Rich Shay. You can read a paper from their password research here, as well as try out a demo of the password meter the team developed.
"The award is for their body of work on passwords over the past 9 years," the organization wrote. "Briefly, they looked at the question of how we can make passwords easier for users yet harder for attackers to guess. Their work sheds light on this by developing a robust methodology for studying password strength and usability, and then using that methodology to show how better password policies and helpful feedback to users (powered by deep learning) can make passwords both more convenient and more secure."