PASSWORD PROTECTION: END USER SECURITY BEHAVIOR
DOI:
https://doi.org/10.47839/ijc.13.1.616
Keywords:
Security, Password Protection, User Study, Survey, Tendency.
Abstract
Password authentication is one of the essential services in our lives for protecting data. In other words, we may lose a lot of money, sensitive data, etc., if passwords leak out. Thus, we have to understand clearly what is important for creating and/or changing passwords. Our goal is to analyze key issues for setting passwords. We surveyed 262 students of the University of Aizu, Japan. We discussed key security problems, main password protection issues and techniques, and misunderstandings about passwords by end users. Furthermore, we compared the obtained data with results provided by the National Institute of Standards and Technology (NIST) and others. The results can help users set stronger passwords.
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.