Passwords are one of the most common security technologies that people use everyday. Choosing a new password is a security decision that can have important consequences for end users. Passwords can be long and complex, which prioritizes the security-focused aspects of a password. They can also be simple—easy to create, remember, and use—which prioritizes the usability aspects of the password. The tradeoff between password security versus usability represents competing constraints that shape password creation and use. We examined an ecologically valid dataset of 853 passwords entered a total of 2533 times by 134 users into 1010 websites, to test hypotheses about the impact of these constraints. We found evidence that choices about password complexity reflect an emphasis on security needs, but little support for the hypothesis that users take day-to-day ease of use of the password into account when creating it. There was also little evidence that password creation policies drive password choices.

中文翻译：

---

优先于可用性的安全性：人们如何选择密码的策略

密码是人们日常使用的最常见的安全技术之一。选择新密码是一项安全决策，可能对最终用户产生重要影响。密码可能很长而且很复杂，这会优先考虑密码的安全方面。它们也可以很简单——易于创建、记住和使用——优先考虑密码的可用性方面。密码安全性与可用性之间的权衡代表了影响密码创建和使用的竞争约束。我们检查了一个生态有效的数据集，该数据集包含 134 个用户在 1010 个网站中总共输入 2533 次 853 个密码，以检验有关这些约束影响的假设。我们发现证据表明有关密码复杂性的选择反映了对安全需求的重视，但很少支持用户在创建密码时考虑到密码的日常易用性这一假设。几乎没有证据表明密码创建策略会推动密码选择。