Passwords Are Not Always Stronger on the Other Side of the Fence

Loutfi, Ijlal; Jøsang, Audun

doi:10.14722/usec.2015.23005

Cited by 4 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…M9 regards the handling of paper notes as well as electronic notes [15]. It was reported in three publications: [8,15,16]. The problem underlying this misconception is that notes of passwords can be beneficial and have been recommended by security experts (e.g.…”

Section: 29mentioning

confidence: 99%

Addressing misconceptions about password security effectively

Mayer

Volkamer

2018

Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

Nowadays, most users need more passwords than they can handle. Consequently, users have developed a multitude of strategies to cope with this situation. Some of these coping strategies are based on misconceptions about password security. In such cases, the users are unaware of their insecure password practices. Addressing the misconceptions is vital in order to decrease insecure coping strategies. We conducted a systematic literature review with the goal to provide an overview of the misconceptions about password security. Our literature review revealed that misconceptions exist in basically all aspects of password security. Furthermore, we developed interventions to address these misconceptions. Then, we evaluated the interventions' effectiveness in decreasing the misconceptions at three small and medium sized enterprises (SME). Our results show that the interventions decrease the overall prevalence of misconceptions significantly in the participating employees.

show abstract

Section: 29mentioning

confidence: 99%

Addressing misconceptions about password security effectively

Mayer

Volkamer

2018

Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

show abstract

“…Users have been shown to be more well-educated about secure password practices than previously known, but will still select the path of least resistance if possible [21]. Even skilled users have been shown to apply insecure password practices, even if these users are aware of the risks, showing that usability often overshadows security for users [42].…”

Section: Password Problemsmentioning

confidence: 99%

Web Authentication using Third-Parties in Untrusted Environments

Vapen

2016

Linköping Studies in Science and Technology. Dissertations

View full text Add to dashboard Cite

With the increasing personalization of the Web, many websites allow users to create their own personal accounts. This has resulted in Web users often having many accounts on different websites, to which they need to authenticate in order to gain access. Unfortunately, there are several security problems connected to the use and re-use of passwords, the most prevalent authentication method currently in use, including eavesdropping and replay attacks.Several alternative methods have been proposed to address these shortcomings, including the use of hardware authentication devices. However, these more secure authentication methods are often not adapted for mobile Web users who use different devices in different places and in untrusted environments, such as public Wi-Fi networks, to access their accounts.We have designed a method for comparing, evaluating and designing authentication solutions suitable for mobile users and untrusted environments. Our method leverages the fact that mobile users often bring their own cell phones, and also takes into account different levels of security adapted for different services on the Web.Another important trend in the authentication landscape is that an increasing number of websites use third-party authentication. This is a solution where users have an account on a single system, the identity provider, and this one account can then be used with multiple other websites. In addition to requiring fewer passwords, these services can also in some cases implement authentication with higher security than passwords can provide.How websites select their third-party identity providers has privacy and security implications for end users. To better understand the security and privacy risks with these services, we present a data collection methodology that we have used to identify and capture third-party authentication usage on the Web. We have also characterized the third-party authentication landscape based on our collected data, outlining which types of third-parties are used by which types of sites, and how usage differs across the world. Using a combination of large-scale crawling, longitudinal manual testing, and in-depth login tests, our characterization and analysis has also allowed us to discover interesting structural properties of the landscape, differences in the cross-site relationships, and how the use of third-party authentication is changing over time.Finally, we have also outlined what information is shared between websites in third-party authentication, defined risk classes based on shared data, and profiled privacy leakage risks associated with websites and their identity providers sharing data with each other. Our findings show how websites can strengthen the privacy of their users based on how these websites select and combine their third-parties and the data they allow to be shared. Populärvetenskaplig sammanfattningAllt fler människor tillbringar stora delar av sina liv på Internet för att arbeta, uträtta myndighetsärenden, sköta sin ekonomi och umgås med vänner...

show abstract

The One-Eyed Leading the Blind: Understanding Differences Between IT Professionals and Non-IT Staff When Creating and Managing Passwords

Brockbanks

Butler

2021

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

Passwords Are Not Always Stronger on the Other Side of the Fence

Cited by 4 publications

References 7 publications

Addressing misconceptions about password security effectively

Addressing misconceptions about password security effectively

Web Authentication using Third-Parties in Untrusted Environments

The One-Eyed Leading the Blind: Understanding Differences Between IT Professionals and Non-IT Staff When Creating and Managing Passwords

Contact Info

Product

Resources

About