Password Authentication from a Human Factors Perspective: Results of a Survey among End-Users

Hoonakker, Peter; Bornoe, Nis; Carayon, Pascale

doi:10.1177/154193120905300605

Cited by 39 publications

(34 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Horowitz reported that 15-20% of the users on a regular basis wrote down their password on a Post-it note attached to the computer monitor [8]. Another study found that 66% of users keep password paper records at work and 58% keep passwords in files [8]. Vulnerabilities related to weak passwords have significant economic effect globally.…”

mentioning

confidence: 99%

“…Other user strategies include using the same password for every account, writing down passwords, storing passwords in files, and reusing or recycling old passwords. Horowitz reported that 15-20% of the users on a regular basis wrote down their password on a Post-it note attached to the computer monitor [8]. Another study found that 66% of users keep password paper records at work and 58% keep passwords in files [8].…”

mentioning

confidence: 99%

“…Studies have shown that users will generally address the password complexity problem by using simple predictable passwords [7,8]. Schneier examined 34,000 MySpace online passwords and concluded that 65% of them contained 8 characters, with most frequently used passwords being "password1", "abc123", "myspace1", and "password" [8]. Other user strategies include using the same password for every account, writing down passwords, storing passwords in files, and reusing or recycling old passwords.…”

mentioning

confidence: 99%

“…Vulnerabilities related to weak passwords have significant economic effect globally. Results of a recent study [8,9] revealed that identity fraud affects nearly 5% of consumers, or nearly 10 million people in the USA per year. The total annual cost of identity fraud in the United States was more than $55 billion in 2006 [9].…”

mentioning

confidence: 99%

“…A weak password used with a strong encryption or authentication algorithm potentially makes a computer system vulnerable to brute-force password search attacks. Studies have shown that users will generally address the password complexity problem by using simple predictable passwords [7,8]. Schneier examined 34,000 MySpace online passwords and concluded that 65% of them contained 8 characters, with most frequently used passwords being "password1", "abc123", "myspace1", and "password" [8].…”

mentioning

confidence: 99%

See 4 more Smart Citations

The weak-password problem: Chaos, criticality, and encrypted p-CAPTCHAs

Laptyeva

Flach

Kladko

2011

EPL

View full text Add to dashboard Cite

Abstract. -Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our simple method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies.Introduction. -Computer and information security has been subject to intensive research for over 50 years. This included investigation of cryptographic methods, as well as generic security of computing devices, operating systems and networks. However, it is only relatively recently that the importance of the human factor has been given proper attention. Passwords are the common method for authentication and encryption used to secure digital life. Humans have limited capacity to remember passwords and tend to select passwords that are too simple and predictable. Security breaches related to weak passwords are widespread events. Consumers and enterprises around the world are looking for ways to address the weak password problem [1,2]. In this paper we propose a simple method to address the problem by combining chaotic dynamics, phase transitions, and pattern recognition advantages of the human brain. We do not design a new encryption scheme. Instead we use standard encryption tschemes, and add a littel overhead on top in order to substantially enhance security. A major building block of the proposed algorithm is the dynamic behavior of complex extended non-linear systems, in particular, Hamiltonian lattices close to a phase transition [3,4]. These systems display non-ergodicity, deterministic chaos [5], and

show abstract

mentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

The weak-password problem: Chaos, criticality, and encrypted p-CAPTCHAs

Laptyeva

Flach

Kladko

2011

EPL

View full text Add to dashboard Cite

show abstract

Password creation strategies across high‐ and low‐literacy web users

Rinn

Summers

Rhodes

et al. 2015

Proc. Assoc. Info. Sci. Tech.

View full text Add to dashboard Cite

Research has shown that password security practices typically conflict with general usability principles. Though the challenges faced by low-literacy users when creating and managing passwords are likely to extend beyond those experienced by the general public, little research has been done to explore password usability in this at-risk group. This survey of 20 low-literacy participants aims to examine password behaviors within this population, including password creation, recall strategies, and perceptions of password strength and security. It expands on the work of Chisnell and Newby (2015) based on a nationwide survey exploring password use, password creation strategies, and perceptions regarding password security. Thus, this study allows for comparison between password use and perceptions among the broader population and those of users with low literacy skills. These results provide important insights into patterns of use and mental models of password requirements and password security among lowliteracy users.

show abstract

Password Security in Organizations: User Attitudes and Behaviors Regarding Password Strength

Almehmadi¹,

Alsolami

2019

16th International Conference on Information Technology-New Generations (ITNG 2019)

View full text Add to dashboard Cite

Password Authentication from a Human Factors Perspective: Results of a Survey among End-Users

Cited by 39 publications

References 16 publications

The weak-password problem: Chaos, criticality, and encrypted p-CAPTCHAs

The weak-password problem: Chaos, criticality, and encrypted p-CAPTCHAs

Password creation strategies across high‐ and low‐literacy web users

Password Security in Organizations: User Attitudes and Behaviors Regarding Password Strength

Contact Info

Product

Resources

About