Search results

1 – 10 of over 5000
Article
Publication date: 1 May 1993

Charles Cresson Wood

Suggests that computer passwords can pose a major computer security risk, as password guessing is the most prevalent and effective method of system penetration. Introduces a…

Abstract

Suggests that computer passwords can pose a major computer security risk, as password guessing is the most prevalent and effective method of system penetration. Introduces a new computer package which can address this problem by generating difficult‐to‐guess passwords by removing human judgement from the password construction process.

Details

Information Management & Computer Security, vol. 1 no. 5
Type: Research Article
ISSN: 0968-5227


Article
Publication date: 18 March 2022

Suncica Hadzidedic, Silvia Fajardo-Flores and Belma Ramic-Brkic

This paper aims to address the user perspective about usability, security and use of five authentication schemes (text and graphical passwords, biometrics and hardware…

Abstract

Purpose

This paper aims to address the user perspective about usability, security and use of five authentication schemes (text and graphical passwords, biometrics and hardware tokens) from a population not covered previously in the literature. Additionally, this paper explores the criteria users apply in creating their text passwords.

Design/methodology/approach

An online survey study was performed in spring 2019 with university students in Mexico and Bosnia and Herzegovina. A total of 197 responses were collected.

Findings

Fingerprint-based authentication was most frequently perceived as usable and secure. However, text passwords were the predominantly used method for unlocking computer devices. The participants preferred to apply personal criteria for creating text passwords, which, interestingly, coincided with the general password guidelines, e.g. length, combining letters and special characters.

Originality/value

Research on young adults’ perceptions of different authentication methods is driven by the increasing frequency and sophistication of security breaches, as well as their significant consequences. This study provided insight into the commonly used authentication methods among youth from two geographic locations, which have not been accounted for previously.

Details

Information & Computer Security, vol. 30 no. 4
Type: Research Article
ISSN: 2056-4961


Article
Publication date: 17 June 2021

Karen Renaud, Graham Johnson and Jacques Ophoff

The purpose of this paper is to reveal the lived experiences of dyslexics in engaging with all kinds of alphanumeric authentication mechanisms.

Abstract

Purpose

The purpose of this paper is to reveal the lived experiences of dyslexics in engaging with all kinds of alphanumeric authentication mechanisms.

Design/methodology/approach

A significant proportion of the world’s population experiences some degree of dyslexia, which can lead to spelling, processing, sequencing and retention difficulties. Passwords, being essentially sequences of alphanumeric characters, make it likely that dyslexics will struggle with these, even more so than the rest of the population. Here, this study explores the difficulties people with dyslexia face, their general experiences with passwords, the coping strategies they use and the advice they can provide to developers and others who struggle with passwords. This paper collects empirical data through semi-structured interviews with 13 participants. Thematic analysis was used to provide an in-depth view of each participant’s experience.

Findings

The main contribution of this paper is to provide evidence related to the inaccessibility dimensions of passwords as an authentication mechanism, especially for dyslexics and to recommend a solution direction.

Research limitations/implications

There is a possible volunteer bias, as this study is dealing with self-reported data including historical and reflective elements and this paper is seeking information only from those with self-declared or diagnosed dyslexia. Furthermore, many expressed interest or curiosity in the relationship between dyslexia and password difficulties, for some a motivation for their participation. Finally, given that the participants told us that dyslexics might hide, it is possible that the experiences of those who do hide are different from those who chose to speak to us and thus were not hiding.

Originality/value

A few authors have written about the difficulties dyslexics face when it comes to passwords, but no one has asked dyslexics to tell them about their experiences. This paper fills that gap.

Details

Information & Computer Security, vol. 29 no. 4
Type: Research Article
ISSN: 2056-4961


Article
Publication date: 30 November 2021

Bhaveer Bhana and Stephen Vincent Flowerday

The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user…

Abstract

Purpose

The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characters, uppercase characters, digits and special characters (LUDS) offers a reasonable level of security, it is complex to type and/or memorise, which prolongs the user authentication process. This results in much time being spent for no benefit (as perceived by users), as the user authentication process is merely a prerequisite for whatever a user intends to accomplish. This study aims to address this issue; passphrases that exclude the LUDS guidelines are proposed.

Design/methodology/approach

To discover constructs that create security and to investigate usability concerns relating to the memory and typing issues concerning passphrases, this study was guided by three theories as follows: Shannon’s entropy theory was used to assess security, chunking theory to analyse memory issues and the keystroke level model to assess typing issues. These three constructs were then evaluated against passwords and passphrases to determine whether passphrases better address the security and usability issues related to text-based user authentication. A content analysis was performed to identify common password compositions currently used. A login assessment experiment was used to collect data on user authentication and user–system interaction with passwords and passphrases in line with the constructs that have an impact on user authentication issues related to security, memory and typing. User–system interaction data was collected from a purposeful sample size of 112 participants, logging in at least once a day for 10 days. An expert review, which comprised usability and security experts with specific years of industry and/or academic experience, was also used to validate results and conclusions. All the experts were given questions and content to ensure sufficient context was provided and relevant feedback was obtained. A pilot study involving 10 participants (experts in security and/or usability) was performed on the login assessment website and the content was given to the experts beforehand. Both the website and the expert review content were refined after feedback was received from the pilot study.

Findings

It was concluded that, overall, passphrases better support the user during the user authentication process in terms of security, memory issues and typing issues.

Originality/value

This research aims at promoting the use of a specific type of passphrase instead of complex passwords. Three core aspects need to be assessed in conjunction with each other (security, memorisation and typing) to determine whether user-friendly passphrases can support user authentication better than passwords.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961


Article
Publication date: 6 April 2021

Mona Mohamed, Tobin Porterfield and Joyram Chakraborty

This study aims to examine the impact of cultural familiarity with images on the memorability of recognition-based graphical password (RBG-P).

Abstract

Purpose

This study aims to examine the impact of cultural familiarity with images on the memorability of recognition-based graphical password (RBG-P).

Design/methodology/approach

The researchers used a between-group design with two groups of 50 participants from China and the Kingdom of Saudi Arabia, using a webtool and two questionnaires to test two hypotheses in a four-week long study.

Findings

The results showed that culture has significant effects on RBG-P memorability, including both recognition and recall of images. It was also found that the login success rate depreciated quickly as time progressed, which indicates the memory decay and its effects on the visual memory.

Research limitations/implications

Collectively, these results can be used to design universal RBG-Ps with maximal password deflection points. For better cross-cultural designs, designers must allow users from different cultures to personalize their image selections based on their own cultures.

Practical implications

The RBG-P interfaces developed without consideration for users’ cultures may lead to the construction of passwords that are difficult to memorize and easy to attack. Thus, the incorporation of cultural images is indispensable for improving the authentication posture.

Social implications

The development of RBG-P with cultural considerations will make it easy for the user population to remember the password and make it more expensive for the intruder to attack.

Originality/value

This study provides an insight for RBG-P developers to produce a graphical password platform that increases the memorability factor.

Details

Journal of Systems and Information Technology, vol. 23 no. 1
Type: Research Article
ISSN: 1328-7265


Article
Publication date: 9 November 2015

Alain Forget, Sonia Chiasson and Robert Biddle

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text…


Abstract

Purpose

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.

Design/methodology/approach

This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can be used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection.

Findings

This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.

Originality/value

This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961


Article
Publication date: 1 March 2013

Cheng Yang, Jui‐long Hung and Zhangxi Lin

In December 2011, the National Computer Network Emergency Response Technical Team/Coordination Center of China reported the most serious user data leak in history which…


Abstract

Purpose

In December 2011, the National Computer Network Emergency Response Technical Team/Coordination Center of China reported the most serious user data leak in history which involved 26 databases with 278 million user accounts and passwords. After acquiring the user data from this massive information leak, this study has two major research purposes: the paper aims to reveal similarities and differences of password construction among four companies; and investigate how culture factors shape user password construction in China.

Design/methodology/approach

This article analyzed real‐life passwords collected from four companies by comparing the following attributes: password length, password constitution, top 20 frequent passwords, character frequency distributions, string similarity, and password reuse.

Findings

Major findings include that: general users in China have a weaker sense of security than those in Western countries, which is reflected in the password lengths, the character combinations and the content structures; password constitution preferences are different between users in Western countries and in China, where passwords are more similar to the Pinyin context and Chinese number homonym; and password reuse is very common in China. General users tend to reuse the same passwords and IT professionals tend to engage in Seed Password reuse.

Research limitations/implications

Due to the rapid growth of Internet users and e‐commerce markets in China, many online service providers may not pay enough attention to security issues, but focus instead on market expansion. Employees in these companies may not be well trained in information security, resulting in carelessness when handling security issues.

Originality/value

This is the first study which attempts to consider culture influences in password construction by analyzing real‐life datasets.

Details

Nankai Business Review International, vol. 4 no. 1
Type: Research Article
ISSN: 2040-8749


Article
Publication date: 7 October 2014

Kirsi Helkala and Tone Hoddø Bakås

The purpose of this paper is to extend the results of a Norwegian password security survey. Research, especially in the early 21st century, has shown that education is…

Abstract

Purpose

The purpose of this paper is to extend the results of a Norwegian password security survey. Research, especially in the early 21st century, has shown that education is needed to change people’s behaviour regarding password generation, management and storage. As our daily routines and duties have become more dependent on electronic services in the last decade, one could think that qualitative education is nowadays given to users. This survey is to verify that assumption.

Methodology

A nation-wide demographic survey among employees in Norway with a sample of 1,003 respondents at the ages of 18-64 years was conducted in October 2012.

Findings

The results show that education or proper guidance is seldom given, leading to outdated user behaviour.

Research limitations

The results of the study are limited to the employed only and they do not explain behaviour of students, teenagers or children.

Social implications

During the current year, the results of the study have been discussed several times in national media and, hopefully, have an impact on employees’ behaviour. The results have also been used in the National Security Month campaign in October 2013.

Originality/value

The questionnaire itself is not unique. However, the large number of respondents gives higher value to the results.

Details

Information Management & Computer Security, vol. 22 no. 4
Type: Research Article
ISSN: 0968-5227


Article
Publication date: 13 March 2017

Kristen K. Greene and Yee-Yin Choong

The purpose of this research is to investigate user comprehension of ambiguous terminology in password rules. Although stringent password policies are in place to protect…

Abstract

Purpose

The purpose of this research is to investigate user comprehension of ambiguous terminology in password rules. Although stringent password policies are in place to protect information system security, such complexity does not have to mean ambiguity for users. While many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects user comprehension of password rules.

Design/methodology/approach

This research used a combination of quantitative and qualitative methods in a usable security study with 60 participants. Study tasks contained password rules based on real-world password requirements. Tasks consisted of character-selection tasks that varied the terms for non-alphanumeric characters to explore users’ interpretations of password rule language, and compliance-checking tasks to investigate how well users can apply their understanding of the allowed character space.

Findings

Results show that manipulating password rule terminology causes users’ interpretation of the allowed character space to shrink or expand. Users are confused by the terms “non-alphanumeric”, “symbols”, “special characters” and “punctuation marks” in password rules. Additionally, users are confused by partial lists of allowed characters using “e.g.” or “etc.”

Practical implications

This research provides data-driven usability guidance on constructing clearer language for password policies. Improving language clarity will help usability without sacrificing security, as simplifying password rule language does not change security requirements.

Originality/value

This is the first usable security study to systematically measure the effects of ambiguous password rules on user comprehension of the allowed character space.

Details

Information & Computer Security, vol. 25 no. 1
Type: Research Article
ISSN: 2056-4961


Article
Publication date: 1 February 2005

Fawad Ahmed and M.Y. Siyal

To devise a biometric‐based mechanism for enhancing security of private keys used in cryptographic applications.


Abstract

Purpose

To devise a biometric‐based mechanism for enhancing security of private keys used in cryptographic applications.

Design/methodology/approach

To enhance security of a private key, we propose a scheme that regenerates a user's private key by taking a genuine user's password, fingerprint and a valid smart card. Our scheme uses features extracted from fingerprint along with public key cryptography, cryptographic hash functions and Shamir secret sharing scheme in a novel way to achieve our desired objectives.

Findings

Despite changes in the fingerprint pattern each time it is presented, our scheme is sufficiently robust to regenerate a constant private key. As compared to conventional methods of storing a private key merely by password‐based encryption, our scheme offers more security as it requires a genuine user's password, fingerprint and a valid smart card. Key lengths up to 1024‐bit or even higher can be regenerated making the scheme compatible with the current security requirements of public key cryptosystems.

Research limitations/implications

Minutia points used for image alignment can be incorporated in the key regeneration algorithm for stronger user authentication. In this case, some alternative technique will be required for image alignment.

Practical implications

The robustness of our scheme depicts its use in practical systems where there are variations in fingerprint patterns because of sensor noise and alignment issues.

Originality/value

In this paper, we have demonstrated a novel idea of regenerating the private key of a user by using fingerprint, password and a smart card. The basic aim is to provide more security to key storage as compared to traditional methods that use password‐based encryption for secure storage of private keys.

Details

Information Management & Computer Security, vol. 13 no. 1
Type: Research Article
ISSN: 0968-5227
