Vision: What Johnny learns about Password Security from Videos posted on YouTube

The text password is the most pervasive authentication scheme and is unlikely to disappear in the near future. To reduce the risk of insecure password management endangering companies, these companies employ password awareness and training campaigns. While larger companies may buy measures for those campaigns externally or develop their own ones, small and medium sized companies (SMEs) are likely to turn to freely available material -- most likely videos -- and recommend or even force their employees to watch these. We analysed such freely available videos and show their shortcomings. To that end, we aggregated requirements from the existing literature and applied these to a body of 32 freely available YouTube videos using search terms informed by Google Trends. The contributions of this work are two-fold. Firstly, the findings of our analysis show that the best video covers only about half of the requirements, which raises serious concerns regarding the quality of available videos and their suitability for usage in awareness campaigns by SMEs. Secondly, our list of aggregated requirements can inform the design of future videos, which is planned as follow-up to this work in order to remedy the concerns uncovered in our analysis.