Password Security in Organizations: User Attitudes and Behaviors Regarding Password Strength

Almehmadi, Tahani; Alsolami, Fahad

doi:10.1007/978-3-030-14070-0_2

Cited by 3 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For password strength estimation, we use the zxcvbn algorithm by Wheeler [42] as it provides a well-usable password strength estimation API 1 in JavaScript and a significantly improved estimation accuracy compared to simple approaches, e.g., LUDS. For sound generation, we use Tone.js, a cross-platform, cross-device WebAudio framework for creating interactive sound and music applications in the browser [27].…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

That password doesn't sound right

Lutz

Kröger

Schneiderbauer

et al. 2020

Proceedings of the 15th International Audio Mostly Conference

View full text Add to dashboard Cite

Despite 2-factor authentication and other modern approaches, authentication by password is still the most commonly used method on the Internet. Unfortunately, as analyses show, many users still choose weak and easy-to-guess passwords. To alleviate the significant effects of this problem, systems often employ textual or graphical feedback to make the user aware of this problem, which often falls short on engaging the user and achieving the intended user reaction, i.e., choosing a stronger password.In this paper, we introduce auditory feedback as a complementary method to remedy this problem, using the advantages of sound as an affective medium. We investigate the conceptual space of creating usable auditory feedback on password strength, including functional and non-functional requirements, influences and design constraints. We present web-based implementations of four sonification designs for evaluating different characteristics of the conceptual space and define a research roadmap for optimization, evaluation and applications. CCS CONCEPTS• Human-centered computing → Auditory feedback; Soundbased input / output; • Security and privacy → Usability in security and privacy.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Passwords are still one of the most common forms of authentication in use today [4]. Security problems caused by choosing weak password or reusing them has significant impact on the economy and society [1]. Creating unique, strong passwords for every user account can be perceived as difficult or annoying.…”

Section: Introductionmentioning

confidence: 99%

That password doesn't sound right

Lutz

Kröger

Schneiderbauer

et al. 2020

Proceedings of the 15th International Audio Mostly Conference

View full text Add to dashboard Cite

show abstract

“…Authentication mechanisms make it more difficult for an attacker to breach a system and its failure poses a risk to a system. Passwords are a fundamental part of authentication but are easily disclosed by cyber-attacks (Almehmadi & Alsolami, 2019). The authors conclude that implementing multi-factor authentication (MFA) is necessary to deal with password vulnerabilities.…”

Section: Literature Reviewmentioning

confidence: 99%

Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems

Steyn

Blaauw

2023

iccws

View full text Add to dashboard Cite

Anti-poaching operations increasingly make use of a wide variety of technology for intelligence and communications. These technologies introduce cybersecurity risk, and they need to be secured to provide greater protection to the information and people involved in anti-poaching operations, ultimately protecting vulnerable animals better. A hypothetical network of anti-poaching technologies was simulated in Graphical Network Simulator 3 (GNS3), consisting of various field devices identified in the literature, and a main control room with relevant hardware devices. A virtual Kali Linux machine was connected to the network and played the role of a digital attacker or intruder. Several cyber-attacks were carried out, to show the risks inherent to such an interoperable and socio-technical network. These attacks included Man in the Middle (MitM) and Denial of Service (DoS) attacks. These attacks were then mitigated via system configurations. Further risks and threat considerations were identified in the literature. Using the STRIDE, DREAD and Attack Tree threat models, the risks to an anti-poaching network were classified and calculated. The most prevalent threats and the attacks performed in the simulation were all calculated to have a high risk level, posing a great threat to an unsecured network. The STRIDE classes of Denial of Service and Elevation of Privilege posed the most risk to the system, both having a calculated average risk score of 9 out of 10. Mitigations to general network threats and those identified in the simulation are mentioned. Additionally, authentication for such a system was investigated, as improper authentication practices were deemed a risk and provides a foothold for further risks in the network. Recommendations made, include the proper configuration of network devices, especially the router and switch, and the use of anti-virus, firewalls, and intrusion detection systems, as well as having an external audit performed annually. Multi-factor authentication, with a password/fingerprint combination, is recommended.

show abstract

A Study on Password Security Awareness in Constructing Strong Passwords

Sulaiman¹

2021

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Password Security in Organizations: User Attitudes and Behaviors Regarding Password Strength

Cited by 3 publications

References 11 publications

That password doesn't sound right

That password doesn't sound right

Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems

A Study on Password Security Awareness in Constructing Strong Passwords

Contact Info

Product

Resources

About