password strength
Recently Published Documents


Total documents: 79 (five years: 42)
H-index: 10 (five years: 1)

2022 ◽  
Vol 12 (2) ◽  
pp. 894
Author(s):  
Aušrius Juozapavičius ◽  
Agnė Brilingaitė ◽  
Linas Bukauskas ◽  
Ricardo Gregorio Lugo

Password hygiene plays an essential part in securing systems protected with single-factor authentication. A significant fraction of security incidents happen due to weak or reused passwords. The reasons behind differences in security-vulnerable behaviour between various user groups remain an active research topic. The paper aims to identify the impact of age and gender on password strength using a large password dataset. We recovered previously hashed passwords of 102,120 users from a leaked customer database of a car-sharing company. Although the measured effect size was small, males had significantly stronger passwords than females for all age groups. Males aged 26–45 were also significantly different from all other groups, and password complexity decreased with age for both genders equally. Overall, very weak password hygiene was observed: 72% of users based their password on a word or used a simple sequence of digits, and passwords of over 39% of users were found in word lists of previous leaks.


Author(s):  
Yaqoob Al-Slais ◽  
Wael El-Medany

Today, online users will have an average of 25 password-protected accounts online, yet use, on average, 6.5 passwords. The excessive cognitive burden of remembering large numbers of passwords causes Password Fatigue. Therefore, users tend to reuse passwords or recycle password patterns whenever prompted to change their passwords regularly. Researchers have created Adaptive Password Policies to prevent users from creating new passwords similar to previously created ones. However, this approach creates user frustration as it neglects users’ cognitive burden. This paper proposes a novel User-Centric Adaptive Password Policy (UCAPP) Framework for password creation and management that assigns users system-generated passwords based on a cognitive-behavioural agent-based model. The framework comprises a Password Policy Assignment Test (PassPAST), a Cognitive Burden Scale (CBS), a User Profiling Algorithm, and a Password Generator (PassGEN). The framework creates tailor-made password policies that maintain password memorability for users of different cognitive thresholds without sacrificing password strength and entropy. The framework successfully created 30-40% stronger passwords for Critical users and random (non-mnemonic) passwords for Typical users based on each individual’s cognitive password thresholds in a preliminary test.


2021 ◽  
Vol 11 (20) ◽  
pp. 9406
Author(s):  
Viktor Taneski ◽  
Marko Kompara ◽  
Marjan Heričko ◽  
Boštjan Brumen

Recent literature proposes the use of a proactive password checker as a method for preventing users from creating easy-to-guess passwords. Markov models can help us create a more effective password checker that would be able to check the probability of a given password to be chosen by an attacker. We investigate the ability of different Markov models to calculate a variety of passwords from different topics, in order to find out whether one Markov model is sufficient for creating a more effective password checker. The results of our study show that multiple models are required in order to be able to do strength calculations for a wide range of passwords. To the best of our knowledge, this is the first password strength study where the effect of the training password datasets on the success of the model is investigated.


2021 ◽  
Vol 10 (3) ◽  
Author(s):  
Rohan Patra ◽  
Sandip Patra

Recently, there has been a rise in impactful data breaches releasing billions of people’s online accounts and financial data into the public domain. The result is an increased importance of effective cybersecurity measures, especially regarding the storage of user passwords. Strong password storage security means that an actor cannot use the passwords in vectors such as credential-stuffing attacks despite having access to breached data. It will also limit user exposure to threats such as unauthorized account charges or account takeovers. This research evaluates the effectiveness of different password storage techniques. The storage techniques to be tested are: BCRYPT Hashing, SHA-256 Hashing, SHA-256 with Salt, and SHA-256 with MD5 Chaining. Following the National Institute of Standards and Technology (NIST) guidelines on password strength, both a weak and robust password will be passed through the stated techniques. Reversal of each of the results will be attempted using Rainbow Tables and dictionary attacks. The study results show that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security. However, SHA-256 hashing with a salt results in a very similar level of security while maintaining better performance. While plain SHA-256 hashing or chaining multiple hashing algorithms together is theoretically as secure, in practice, they are easily susceptible to simple attacks and thus should not be used in a production environment. Requiring strong passwords that have not been exposed in previous data breaches was also found to greatly increase security.


Author(s):  
Sirapat Boonkrong ◽  
Arkalerk Kitthimon ◽  
Patchara Koksoungnoen ◽  
Krissada Jenprakhon

Passwords are considered the most commonly used method of authentication. Unfortunately, weak passwords are known to be the main cause of many cyber attacks. With stronger passwords, it is believed that this first line of defence would be able to reduce the risk of cyber attacks, trespass and information exposure. A password strength meter application was, therefore, developed so that users can try out the passwords of their choice before actually deciding to register them. Although the application contains such information as password entropy, password quality index and password complexity index, the data is presented in a user-friendly way so that it is intuitive to any user.


2021 ◽  
Author(s):  
Eric B. Blancaflor ◽  
Michael Rafael A. Dela Cruz ◽  
Jeptha Mathan V. Espanola ◽  
Luis Rafael V. Laurena ◽  
John Wendell J. Maranan ◽  
...  

Author(s):  
Anna Bakas ◽  
Anne Wagner ◽  
Spencer Johnston ◽  
Shelia Kennison ◽  
Eric Chan-Tin

2021 ◽  
pp. 334-353
Author(s):  
Wenjie Bai ◽  
Jeremiah Blocki ◽  
Ben Harsha

2021 ◽  
pp. 285-304
Author(s):  
Liron David ◽  
Avishai Wool