Search results

1 – 10 of over 4000
Article
Publication date: 1 May 1993

Charles Cresson Wood

Abstract

Suggests that computer passwords can pose a major computer security risk, as password guessing is the most prevalent and effective method of system penetration. Introduces a new computer package which can address this problem by generating difficult‐to‐guess passwords by removing human judgement from the password construction process.

Details

Information Management & Computer Security, vol. 1 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 9 November 2015

Alain Forget, Sonia Chiasson and Robert Biddle

Abstract

Purpose

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.

Design/methodology/approach

This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can be used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection.

Findings

This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.

Originality/value

This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 March 2013

Cheng Yang, Jui‐long Hung and Zhangxi Lin

Abstract

Purpose

In December 2011, the National Computer Network Emergency Response Technical Team/Coordination Center of China reported the most serious user data leak in history which involved 26 databases with 278 million user accounts and passwords. After acquiring the user data from this massive information leak, this study has two major research purposes: the paper aims to reveal similarities and differences of password construction among four companies; and investigate how culture factors shape user password construction in China.

Design/methodology/approach

This article analyzed real‐life passwords collected from four companies by comparing the following attributes: password length, password constitution, top 20 frequent passwords, character frequency distributions, string similarity, and password reuse.

Findings

Major findings include that: general users in China have a weaker sense of security than those in Western countries, which is reflected in the password lengths, the character combinations and the content structures; password constitution preferences are different between users in Western countries and in China, where passwords are more similar to the Pinyin context and Chinese number homonym; and password reuse is very common in China. General users tend to reuse the same passwords and IT professionals tend to engage in Seed Password reuse.

Research limitations/implications

Due to the rapid growth of Internet users and e‐commerce markets in China, many online service providers may not pay enough attention to security issues, but focus instead on market expansion. Employees in these companies may not be well trained in information security, resulting in carelessness when handling security issues.

Originality/value

This is the first study which attempts to consider culture influences in password construction by analyzing real‐life datasets.

Details

Nankai Business Review International, vol. 4 no. 1
Type: Research Article
ISSN: 2040-8749

Article
Publication date: 7 October 2014

Kirsi Helkala and Tone Hoddø Bakås

Abstract

Purpose

The purpose of this paper is to extend the results of a Norwegian password security survey. Research, especially in the early 21st century, has shown that education is needed to change people’s behaviour regarding password generation, management and storage. As our daily routines and duties have become more dependent on electronic services in the last decade, one could think that qualitative education is nowadays given to users. This survey is to verify that assumption.

Methodology

A nation-wide demographic survey among employees in Norway with a sample of 1,003 respondents at the ages of 18-64 years was conducted in October 2012.

Findings

The results show that education or proper guidance is seldom given, leading to outdated user behaviour.

Research limitations

The results of the study are limited to the employed only and they do not explain behaviour of students, teenagers or children.

Social implications

During the current year, the results of the study have been discussed several times in national media and, hopefully, have an impact on employees’ behaviour. The results have also been used in the National Security Month campaign in October 2013.

Originality/value

The questionnaire itself is not unique. However, the large number of respondents gives higher value to the results.

Details

Information Management & Computer Security, vol. 22 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 13 March 2017

Kristen K. Greene and Yee-Yin Choong

Abstract

Purpose

The purpose of this research is to investigate user comprehension of ambiguous terminology in password rules. Although stringent password policies are in place to protect information system security, such complexity does not have to mean ambiguity for users. While many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects user comprehension of password rules.

Design/methodology/approach

This research used a combination of quantitative and qualitative methods in a usable security study with 60 participants. Study tasks contained password rules based on real-world password requirements. Tasks consisted of character-selection tasks that varied the terms for non-alphanumeric characters to explore users’ interpretations of password rule language, and compliance-checking tasks to investigate how well users can apply their understanding of the allowed character space.

Findings

Results show that manipulating password rule terminology causes users’ interpretation of the allowed character space to shrink or expand. Users are confused by the terms “non-alphanumeric”, “symbols”, “special characters” and “punctuation marks” in password rules. Additionally, users are confused by partial lists of allowed characters using “e.g.” or “etc.”

Practical implications

This research provides data-driven usability guidance on constructing clearer language for password policies. Improving language clarity will help usability without sacrificing security, as simplifying password rule language does not change security requirements.

Originality/value

This is the first usable security study to systematically measure the effects of ambiguous password rules on user comprehension of the allowed character space.

Details

Information & Computer Security, vol. 25 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 February 2005

Fawad Ahmed and M.Y. Siyal

Abstract

Purpose

To devise a biometric‐based mechanism for enhancing security of private keys used in cryptographic applications.

Design/methodology/approach

To enhance security of a private key, we propose a scheme that regenerates a user's private key by taking a genuine user's password, fingerprint and a valid smart card. Our scheme uses features extracted from fingerprint along with public key cryptography, cryptographic hash functions and Shamir secret sharing scheme in a novel way to achieve our desired objectives.

Findings

Despite changes in the fingerprint pattern each time it is presented, our scheme is sufficiently robust to regenerate a constant private key. As compared to conventional methods of storing a private key merely by password‐based encryption, our scheme offers more security as it requires a genuine user's password, fingerprint and a valid smart card. Key lengths up to 1024‐bit or even higher can be regenerated making the scheme compatible with the current security requirements of public key cryptosystems.

Research limitations/implications

Minutia points used for image alignment can be incorporated in the key regeneration algorithm for stronger user authentication. In this case, some alternative technique will be required for image alignment.

Practical implications

The robustness of our scheme depicts its use in practical systems where there are variations in fingerprint patterns because of sensor noise and alignment issues.

Originality/value

In this paper, we have demonstrated a novel idea of regenerating the private key of a user by using fingerprint, password and a smart card. The basic aim is to provide more security to key storage as compared to traditional methods that use password‐based encryption for secure storage of private keys.

Details

Information Management & Computer Security, vol. 13 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 11 February 2019

Salvatore Aurigemma and Thomas Mattson

Abstract

Purpose

This paper aims to examine the impact an individual’s long-term orientation (a cultural dimension) has on their attitude, behavioral intention and actual voluntary security actions taken in the context of the dangers related to poor account access management.

Design/methodology/approach

The paper relied upon survey data and actual usage information from a culturally diverse sample of 227 individuals who were introduced to the specific security problem and the accepted solution of using a password manager application.

Findings

The paper provides empirical evidence that the effect of positive attitudes increased when individuals were more long-term oriented, but the effect was reversed for average/negative attitudes toward the voluntary security behavior. Furthermore, participants with high long-term orientation and strong positive attitudes toward the security action actually adopted password manager applications 57 per cent more than the average adoption rate across the sample.

Research limitations/implications

Due to the research approach (survey data), security context and sample population, the research results may lack generalizability.

Practical implications

The findings suggest that security awareness messaging and training should account for differences in long-term orientation of the target audience and integrate the distinctly different types of messages that have been shown to improve an individual’s participation in voluntary security actions.

Originality/value

The paper addresses previous research calls for examining possible cultural differences that impact security behaviors and is the only study that has focused on the impact of long-term orientation, specifically on voluntary security actions.

Details

Information & Computer Security, vol. 27 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 14 March 2016

Xiaoying Yu and Qi Liao

Abstract

Purpose

Passwords have been designed to protect individual privacy and security and widely used in almost every area of our life. The strength of passwords is therefore critical to the security of our systems. However, due to the explosion of user accounts and increasing complexity of password rules, users are struggling to find ways to make up sufficiently secure yet easy-to-remember passwords. This paper aims to investigate whether there are repetitive patterns when users choose passwords and how such behaviors may affect us to rethink password security policy.

Design/methodology/approach

The authors develop a model to formalize the password repetitive problem and design efficient algorithms to analyze the repeat patterns. To help security practitioners to analyze patterns, the authors design and implement a lightweight, Web-based visualization tool for interactive exploration of password data.

Findings

Through case studies on a real-world leaked password data set, the authors demonstrate how the tool can be used to identify various interesting patterns, e.g. shorter substrings of the same type used to make up longer strings, which are then repeated to make up the final passwords, suggesting that the length requirement of password policy does not necessarily increase security.

Originality/value

The contributions of this study are two-fold. First, the authors formalize the problem of password repetitive patterns by considering both short and long substrings and in both directions, which have not yet been considered in past. Efficient algorithms are developed and implemented that can analyze various repeat patterns quickly even in large data set. Second, the authors design and implement four novel visualization views that are particularly useful for exploration of password repeat patterns, i.e. the character frequency charts view, the short repeat heatmap view, the long repeat parallel coordinates view and the repeat word cloud view.

Details

Information & Computer Security, vol. 24 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 14 April 2020

Mona Mohamed, Joyram Chakraborty and Sharma Pillutla

Abstract

Purpose

The purpose of this study is to examine the effects of culture on the cross-cultural design of the recognition-based graphical password (RBG-P) interface as inferred from Chinese and Saudi subjects’ image selections.

Design/methodology/approach

The authors use a between-group design adopted using two groups of participants from China and the Kingdom of Saudi Arabia to measure the differences caused by the effects of cultures on graphical password image selections. Three hypotheses have been tested in a four-week long study carried out using two questionnaires and an RBG-P webtool designed for images selection.

Findings

The results have indicated that participants are equally biased not only toward their own culture but also depending on their opinions about other cultures. In addition, when creating the password, it has been observed that culture not only influenced the image selection to create the password but also had an effect on the sequence of the images forming the password.

Research limitations/implications

Image selection differences can be used appropriately in cross-cultural designs that will lead to better development of culturally adaptive interfaces that will boost the security posture of RBG-P authentication.

Practical implications

Some RBG-P interfaces that are produced outside the designer’s culture may suffer the effects of cultural differences. Hence, to incorporate culture in the interface, authentication systems within applications should be flexible by designing images that fit the culture in which the software will be used. To this end, access control interface testing should also be carried out in the environmental and cultural context in which it will be used.

Originality/value

This paper provides useful information for international developers who develop cross-cultural usable secure designs. In such environments, the cross-cultural designs may have significant effects on the acceptability and adoption adaptation of the interface to multi-cultural settings.

Details

Journal of Systems and Information Technology, vol. 22 no. 1
Type: Research Article
ISSN: 1328-7265

Article
Publication date: 7 November 2016

Atish Dipakbhai Nayak and Rajesh Bansode

Abstract

Purpose

The purpose of this paper is to increase security using persuasive cued click points (PCCP) techniques and to make a system to provide security from the malware, key loggers and attacks.

Design/methodology/approach

The work methodology comprises two major phases. In phase one, the PCCP take place with the registration and login process done. It also includes text-based password which hides the character of password to protect from shoulder surfing attack. In phase two, the work includes background services which protect from key loggers.

Findings

Secure password persuasive cued click point (SPPCCP) is a module that facilitates authentication for the desktop-based applications and provides a single-machine licensing functionality. SPPCCP comprises little functionality to thwart attackers, such as persuasive click points with password protection. The techniques to protect against malware such as resist from debuggers and also to the key loggers that run on desktop computers. In this, Spearman rank correlation is used for detection of key loggers. There are functionalities used to secure desktop applications such as time constraint and user selection.

Originality/value

The contribution of this paper is to provide knowledge in the field of security. It makes the graphical password more secure and useful. The intention behind this research was to increase the security level up to 60-80 per cent. It is also used for prevention of shoulder surfing problem till 80 per cent; this research is also operated on key loggers, and SPPCCP finds the key loggers and removes it from the system. It also decrypts the data of database by encrypting it by SHA-512 algorithm and reduces the average login time up to 20-30 per cent; it will make a smaller view port of 33.5 × 33.5 pixel square to have more choice to select the password, thereby decreasing the probability of hotspot area up to 18-20 per cent.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 4
Type: Research Article
ISSN: 1742-7371
