Search results

1 – 10 of 918
Article
Publication date: 25 November 2013

Mark Ciampa

Abstract

Purpose

Text-based passwords created by users are typically weak. A common mitigation is to provide meaningful feedback to users regarding the relative strength of their newly created password. However, the effects of these feedback mechanisms on users to create stronger passwords have not been well studied. This study examined four different types of password feedback mechanisms to determine which, if any, are the most effective. The paper aims to discuss these issues.

Design/methodology/approach

Undergraduate student volunteers created four different passwords and then entered the passwords into four different online password feedback mechanisms. Participants were then asked whether the feedback persuaded them to change their original password.

Findings

In all cases, the feedback mechanisms significantly influenced users with lower password entropy to choose a more secure password. The password feedback mechanism that was most effective was the feedback of the estimated amount of time to break the password.

Research limitations/implications

Undergraduate students in an academic environment were the participants, which may limit external validity.

Practical implications

The implications are for designers of web sites and other applications that require users to create a text-based password: any feedback mechanism can influence users to create passwords with higher entropy, yet those that indicate the length of time it would take to crack the password are most effective.

Originality/value

There are a wide variety of password feedback mechanisms in use. However, their effects on influencing users to create stronger passwords have not been well studied.

Details

Information Management & Computer Security, vol. 21 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 25 February 2014

Chi-Lun Liu

Abstract

Purpose

This work empirically evaluates the effectiveness of the novel ontology-based access-control mechanism and the common password-protected access-control mechanism for social blogs. The paper aims to discuss these issues.

Design/methodology/approach

The ontology-based access-control scheme is designed to fit two characteristics of blog activities: social relationships and tags. A laboratory experiment is conducted to assess the perceived privacy benefit and perceived ease of use of the two mechanisms.

Findings

Analytical results indicate that, with the ontology-based access-control scheme, users perceive more privacy benefit than with the password-protected access-control scheme. The perceived ease of use with the ontology-based and password-protected access-control systems did not differ significantly.

Research limitations/implications

Cross-boundary collaborations need an appropriate approach to control communication access. Further study is required to evaluate the ontology-based access-control scheme applied in cross-organizational and cross-departmental collaborations.

Practical implications

From a knowledge management perspective, blogs can store personal and organizational knowledge and experiences. The ontology-based access-control scheme encourages knowledge sharing for appropriate persons.

Originality/value

The new ontology-based access-control mechanism can help online users keep secrets from selected people to gain more privacy benefits than the existing password-protected access-control mechanism.

Details

Kybernetes, vol. 43 no. 2
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 9 November 2015

Alain Forget, Sonia Chiasson and Robert Biddle

Abstract

Purpose

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.

Design/methodology/approach

This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can be used by researchers when designing, comparing and innovating authentication schemes, as well as by administrators and users, who can use the framework to identify desirable features in schemes available for selection.

Findings

This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.

Originality/value

This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 March 1999

K.H. Spencer Pickett

Abstract

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

Details

Management Decision, vol. 37 no. 2
Type: Research Article
ISSN: 0025-1747

Article
Publication date: 1 June 1998

K.H. Spencer Pickett

Abstract

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

Details

Managerial Auditing Journal, vol. 13 no. 4/5
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 1 October 2007

P.L. Wessels and L.P. Steenkamp

Abstract

The current syllabus (programme of education) prescribed by the South African Institute of Chartered Accountants (SAICA) emphasises that it is important for students to acquire knowledge and skills in interacting with information technology (IT). One of the basic IT skills identified by SAICA is the ability of students to apply controls to personal systems in order to ensure the processing integrity of IT resources and to ensure that IT resources are secure and properly safeguarded. The research questions investigated in this article are whether and where students acquire the knowledge and skills they need in using passwords as a control mechanism, and whether they actually apply the knowledge and skills they have acquired when they access information systems and networks. On the basis of a survey, the article concludes that there is a definite increase in the level of students’ knowledge of which actions are considered to be good password practices from the time when they have recently matriculated to their third year. However, it is also clear from the results of the survey that these competencies are not yet being fully applied in the real‐world arena of accessing online password‐protected accounts.

Details

Meditari Accountancy Research, vol. 15 no. 2
Type: Research Article
ISSN: 1022-2529

Article
Publication date: 17 June 2021

Karen Renaud, Graham Johnson and Jacques Ophoff

Abstract

Purpose

The purpose of this paper is to reveal the lived experiences of dyslexics in engaging with all kinds of alphanumeric authentication mechanisms.

Design/methodology/approach

A significant proportion of the world’s population experiences some degree of dyslexia, which can lead to spelling, processing, sequencing and retention difficulties. Passwords, being essentially sequences of alphanumeric characters, make it likely that dyslexics will struggle with these, even more so than the rest of the population. Here, this study explores the difficulties people with dyslexia face, their general experiences with passwords, the coping strategies they use and the advice they can provide to developers and others who struggle with passwords. This paper collects empirical data through semi-structured interviews with 13 participants. Thematic analysis was used to provide an in-depth view of each participant’s experience.

Findings

The main contribution of this paper is to provide evidence related to the inaccessibility dimensions of passwords as an authentication mechanism, especially for dyslexics and to recommend a solution direction.

Research limitations/implications

There is a possible volunteer bias, as this study is dealing with self-reported data including historical and reflective elements and this paper is seeking information only from those with self-declared or diagnosed dyslexia. Furthermore, many expressed interest or curiosity in the relationship between dyslexia and password difficulties, for some a motivation for their participation. Finally, given that the participants told us that dyslexics might hide, it is possible that the experiences of those who do hide are different from those who chose to speak to us and thus were not hiding.

Originality/value

A few authors have written about the difficulties dyslexics face when it comes to passwords, but no one has asked dyslexics to tell them about their experiences. This paper fills that gap.

Details

Information & Computer Security, vol. 29 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 13 November 2017

Kushal Anjaria and Arun Mishra

Abstract

Purpose

Nowadays, to design the information security mechanism for computing and communication systems, there are various approaches available like cryptographic approach, game-theoretic approach, quantitative–qualitative analysis-based approach, cognitive-behavioral approach, digital forensic-based approach and swarm computing-based approach. The contemporary research in these various fields is independent in nature. The purpose of this paper is to investigate the relationship between these various approaches to information security and cybernetics.

Design/methodology/approach

To investigate the relationship between information security mechanisms and cybernetics, Norbert Wiener’s concepts and philosophy of the cybernetics have been used in the present work. For a detailed study, concepts, techniques and philosophy of the cybernetics have been extracted from the books of Norbert Wiener titled “The human use of human beings” and “Cybernetics or control and communication in the animal and the machine”.

Findings

By revisiting the concepts of the cybernetics from the information security perspectives, it has been found that the aspects of information security and the aspects of cybernetics have great bonding.

Originality/value

The present paper demonstrates how bonding between cybernetics and information security can be used to solve some of the complex research challenges in information security area.

Details

Kybernetes, vol. 46 no. 10
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 30 November 2021

Bhaveer Bhana and Stephen Vincent Flowerday

Abstract

Purpose

The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characters, uppercase characters, digits and special characters (LUDS) offers a reasonable level of security, it is complex to type and/or memorise, which prolongs the user authentication process. This results in much time being spent for no benefit (as perceived by users), as the user authentication process is merely a prerequisite for whatever a user intends to accomplish. To address this issue, passphrases that exclude the LUDS guidelines are proposed.

Design/methodology/approach

To discover constructs that create security and to investigate usability concerns relating to the memory and typing issues concerning passphrases, this study was guided by three theories as follows: Shannon’s entropy theory was used to assess security, chunking theory to analyse memory issues and the keystroke level model to assess typing issues. These three constructs were then evaluated against passwords and passphrases to determine whether passphrases better address the security and usability issues related to text-based user authentication. A content analysis was performed to identify common password compositions currently used. A login assessment experiment was used to collect data on user authentication and user–system interaction with passwords and passphrases in line with the constructs that have an impact on user authentication issues related to security, memory and typing. User–system interaction data were collected from a purposeful sample size of 112 participants, logging in at least once a day for 10 days. An expert review, which comprised usability and security experts with specific years of industry and/or academic experience, was also used to validate results and conclusions. All the experts were given questions and content to ensure sufficient context was provided and relevant feedback was obtained. A pilot study involving 10 participants (experts in security and/or usability) was performed on the login assessment website and the content was given to the experts beforehand. Both the website and the expert review content were refined after feedback was received from the pilot study.

Findings

It was concluded that, overall, passphrases better support the user during the user authentication process in terms of security, memory issues and typing issues.

Originality/value

This research aims at promoting the use of a specific type of passphrase instead of complex passwords. Three core aspects need to be assessed in conjunction with each other (security, memorisation and typing) to determine whether user-friendly passphrases can support user authentication better than passwords.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 October 2017

Jeremiah D. Still, Ashley Cain and David Schuster

Abstract

Purpose

Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.

Design/methodology/approach

The guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.

Findings

Instead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.

Research limitations/implications

This consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.

Originality/value

Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.

Details

Information & Computer Security, vol. 25 no. 4
Type: Research Article
ISSN: 2056-4961
