password security
Recently Published Documents


Total documents: 137 (five years: 43)

H-index: 11 (five years: 3)

2021
Author(s): Mathieu Christmann, Peter Mayer, Melanie Volkamer

2021, Vol 10 (3)
Author(s): Rohan Patra, Sandip Patra

Recently, there has been a rise in impactful data breaches releasing billions of people’s online accounts and financial data into the public domain. The result is an increased importance of effective cybersecurity measures, especially regarding the storage of user passwords. Strong password storage security means that an actor cannot use the passwords in vectors such as credential-stuffing attacks despite having access to breached data. It will also limit user exposure to threats such as unauthorized account charges or account takeovers. This research evaluates the effectiveness of different password storage techniques. The storage techniques to be tested are: BCRYPT Hashing, SHA-256 Hashing, SHA-256 with Salt, and SHA-256 with MD5 Chaining. Following the National Institute of Standards and Technology (NIST) guidelines on password strength, both a weak and a robust password will be passed through the stated techniques. Reversal of each of the results will be attempted using Rainbow Tables and dictionary attacks. The study results show that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security. However, SHA-256 hashing with a salt results in a very similar level of security while maintaining better performance. While plain SHA-256 hashing or chaining multiple hashing algorithms together is theoretically as secure, in practice, they are easily susceptible to simple attacks and thus should not be used in a production environment. Requiring strong passwords that have not been exposed in previous data breaches was also found to greatly increase security.


2021, Vol 2021, pp. 1-13
Author(s): Ki Hyeon Hong, Un Gu Kang, Byung Mun Lee

In the field of information security, passwords are a means of authenticating users. Passwords with weak security cannot perform the role of user authentication and personal information protection because confidentiality is easily violated. To ensure confidentiality, it is important to evaluate the strength of the password and choose a very secure password. Due to this fact, security evaluation models for various passwords have been presented. However, existing evaluation models evaluate security based on the English alphabet. Passwords depend on the memory of the user and are closely related to the language or environment used by the user. In this regard, there are limitations in applying the existing security evaluation models to passwords chosen by non-English speakers. We compose a non-English, Korean language-based password dictionary and propose a password security evaluation model based on this for Korean users. In addition, to verify the effectiveness of the proposed model, we conducted experiments to evaluate the security of Korean language-based passwords using a database of passwords that have been actually leaked. As a result, the proposed model showed 99.38% accuracy for Korean language-based leaked passwords. This is superior to the 80.06% accuracy shown by the existing model. In conclusion, the use of the Korean language-based password security evaluation model proposed in this paper will contribute to choosing more secure passwords for Korean language-based sites or users.


2021, Vol 13 (7), pp. 164
Author(s): Tony Gwyn, Kaushik Roy, Mustafa Atay

In the realm of computer security, the username/password standard is becoming increasingly antiquated. Usage of the same username and password across various accounts can leave a user open to potential vulnerabilities. Authentication methods of the future need to maintain the ability to provide secure access without a reduction in speed. Facial recognition technologies are quickly becoming integral parts of user security, allowing for a secondary level of user authentication. Augmenting traditional username and password security with facial biometrics has already seen impressive results; however, studying these techniques is necessary to determine how effective these methods are within various parameters. A Convolutional Neural Network (CNN) is a powerful classification approach which is often used for image identification and verification. Quite recently, CNNs have shown great promise in the area of facial image recognition. The comparative study proposed in this paper offers an in-depth analysis of several state-of-the-art deep learning-based facial recognition technologies, to determine via accuracy and other metrics which of those are most effective. In our study, VGG-16 and VGG-19 showed the highest levels of image recognition accuracy, as well as F1-Score. The most favorable configurations of CNN should be documented as an effective way to potentially augment the current username/password standard by increasing the current method’s security with additional facial biometrics.


2021, Vol 1916 (1), pp. 012176
Author(s): P Kavitha Rani, R Sai Krishna, U S Siddarth, E Vidya Sagar

Author(s): Florence Mwagwabi, Jhee Hee Jiow

What drives teenagers to comply with computer password guidelines? Using an extended form of protection motivation theory (PMT) (Rogers, 1983), we found that even if teenage computer users believe they are susceptible to being hacked, or that being hacked would be detrimental, it has no bearing on their password choices. Other motives outside of PMT also drive teenage security behaviour. Personal norms fully mediate the relationship between the perceived severity of threat and compliance intentions such that perceived severity is not sufficient to encourage compliance. Teenagers must actually feel obligated to comply. While personal norms may encourage compliance, concerns about feeling embarrassed or ashamed if their social media accounts are hacked into actually encourage compliance. On the other hand, peer influence, such as the fear of being teased about someone hacking into their account, discourages compliance. Our study contributes to understanding early security practices and highlights potential differences between adult and teenage behaviours to consider in future studies. For example, our findings suggest that password security guidelines alone will not suffice to ensure teenage compliance; they may need enforced password rules at the authentication level to eliminate any opportunity to violate password rules. Our study will benefit children and parents as well as organizations that have changed work practices to enable employees to work from home, but which places children in danger of clicking on malicious links on their parents’ computers. To our knowledge, this is the first password security study that applies PMT to examine computer-based security behaviours in teenagers.


2021, Vol 1811 (1), pp. 012129
Author(s): Toras Pangidoan Batubara, Syahril Efendi, Erna Budhiarti Nababan

2021, Vol 328, pp. 03005
Author(s): Suwarjono Suwarjono, Lilik Sumaryanti, Lusia Lamalewa

Electronic voting is done by recording election data centrally and presenting it as fast digital information. E-voting is an internet technology which aims to improve the performance of the voting process, and is expected to be a breakthrough in technological development that helps human work. Security constraints in e-voting include the distribution of voting: for example, voters who distribute voting rights are illegitimate and can abuse voters’ rights, because they know the voter’s account to access the system. This study implements cryptographic methods as password security for voter accounts and for the results of voting, so that the secrecy of the voters’ data and the results of voting is maintained. The RSA algorithm is used to implement cryptographic techniques based on two mathematical problems, namely factorization and modulo operations on composite numbers, which use two different keys for the encryption and decryption processes. The public key is used in the encryption process to encode text, and the private key is used in the decryption process, namely translating ciphertext into plaintext.

