Password security: Password behavior analysis at a small university

Awad, Mohammed; Al-Qudah, Zakaria; Idwan, Sahar; Jallad, Abdul-Halim

doi:10.1109/icedsa.2016.7818558

Cited by 14 publications

(9 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The inclusion of uppercase letters makes passwords automatically more secure. M3 was reported in two publications: [1,17]. The underlying problem is the same as for M1and M2: users tend to put the uppercase letters in predictable places in the password (in particular in the front).…”

Section: 23mentioning

confidence: 99%

See 1 more Smart Citation

Addressing misconceptions about password security effectively

Mayer

Volkamer

2018

Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

Nowadays, most users need more passwords than they can handle. Consequently, users have developed a multitude of strategies to cope with this situation. Some of these coping strategies are based on misconceptions about password security. In such cases, the users are unaware of their insecure password practices. Addressing the misconceptions is vital in order to decrease insecure coping strategies. We conducted a systematic literature review with the goal to provide an overview of the misconceptions about password security. Our literature review revealed that misconceptions exist in basically all aspects of password security. Furthermore, we developed interventions to address these misconceptions. Then, we evaluated the interventions' effectiveness in decreasing the misconceptions at three small and medium sized enterprises (SME). Our results show that the interventions decrease the overall prevalence of misconceptions significantly in the participating employees.

show abstract

Section: 23mentioning

confidence: 99%

“…The inclusion of numbers makes passwords automatically more secure. M1 was reported in five publications: [1,12,14,17,18]. The underlying problem with this misconception is that additional character classes (i.e.…”

Section: 21mentioning

confidence: 99%

Addressing misconceptions about password security effectively

Mayer

Volkamer

2018

Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

show abstract

“…Two previous studies have observed password selection habits and password strength of university students [9] [10]. However, neither had made an attempt to compare the then-current passwords with older passwords examined in previous studies.…”

Section: Related Workmentioning

confidence: 99%

Rejecting the death of passwords: Advice for the future

Bošnjak

Brumen

2019

COMSIS J

View full text Add to dashboard Cite

Passwords have been a recurring subject of research ever since Morris and Thompson first pointed out their disadvantages in 1979. Several decades later, textual passwords remain to be the most used authentication method, despite the growing number of security breaches. In this article, we highlight technological advances that have the potential to ease brute-force attacks on longer passwords. We point out users' persistently bad password creation and management practices, arguing that the users will be unable to keep up with the increasingly demanding security requirements in the future. We examine a set of real, user-generated passwords, and compare them to the passwords collected by Morris and Thompson. The results show that today's passwords remain as weak as they were nearly four decades ago. We provide insight on how the current password security could be improved by giving recommendations to users, administrators, and researchers. We dispute the reiterated claim that passwords should be replaced, by exposing the alternatives' weaknesses. Finally, we argue passwords will remain widespread until two conditions are met: First, a Pareto-improving authentication method is discovered, and second, the users are motivated to replace textual passwords.

show abstract

“…Zhang et al [53] found that users faced problems in remembering their passwords and more especially, to memorize and correctly recall numerous passwords. is encouraged users going for an easy or simple password which is quick to remember [54], but this opens plenty of opportunities for attackers to guess or crack their passwords, easily [55]. When the system enforces stringent password policies, users due to memorability issues [56], allow their browsers or password managers to save their username/password information to make future logins easier.…”

Section: Something You Knowmentioning

confidence: 99%

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Gupta

Buriro

Crispo

2018

Mobile Information Systems

View full text Add to dashboard Cite

Smartphones are the most popular and widespread personal devices. Apart from their conventional use, that is, calling and texting, they have also been used to perform multiple security sensitive activities, such as online banking and shopping, social networking, taking pictures, and e-mailing. On a positive side, smartphones have improved the quality of life by providing multiple services that users desire, for example, anytime-anywhere computing. However, on the other side, they also pose security and privacy threats to the users' stored data. User authentication is the first line of defense to prevent unauthorized access to the smartphone. Several authentication schemes have been proposed over the years; however, their presentation might be perplexing to the new researchers to this domain, under the shade of several buzzwords, for example, active, continuous, implicit, static, and transparent, being introduced in academic papers without comprehensive description. Moreover, most of the reported authentication solutions were evaluated mainly in terms of accuracy, overlooking a very important aspect-the usability. is paper surveys various types and ways of authentication, designed and developed primarily to secure the access to smartphones and attempts to clarify correlated buzzwords, with the motivation to assist new researchers in understanding the gist behind those concepts. We also present the assessment of existing user authentication schemes exhibiting their security and usability issues.

show abstract

Password security: Password behavior analysis at a small university

Cited by 14 publications

References 2 publications

Addressing misconceptions about password security effectively

Addressing misconceptions about password security effectively

Rejecting the death of passwords: Advice for the future

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Contact Info

Product

Resources

About