To read the full version of this content please select one of the options below:

Understanding passwords – a taxonomy of password creation strategies

Joakim Kävrestad (School of Informatics, University of Skövde, Skövde, Sweden)
Fredrik Eriksson (School of Informatics, University of Skövde, Skövde, Sweden)
Marcus Nohlberg (School of Informatics, University of Skövde, Skövde, Sweden)

Information and Computer Security

ISSN: 2056-4961

Publication date: 8 July 2019

Abstract

Purpose

Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords.

Design/methodology/approach

The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet.

Findings

The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model.

Originality/value

On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

Keywords

Citation

Kävrestad, J., Eriksson, F. and Nohlberg, M. (2019), "Understanding passwords – a taxonomy of password creation strategies", Information and Computer Security, Vol. 27 No. 3, pp. 453-467. https://doi.org/10.1108/ICS-06-2018-0077

Publisher

:

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited