Search results

This paper aims to examine the impact an individual’s long-term orientation (a cultural dimension) has on their attitude, behavioral intention and actual voluntary security actions taken in the context of the dangers related to poor account access management.

The paper relied upon survey data and actual usage information from a culturally diverse sample of 227 individuals who were introduced to the specific security problem and the accepted solution of using a password manager application.

The paper provides empirical evidence that the effect of positive attitudes increased when individuals were more long-term oriented, but the effect was reversed for average/negative attitudes toward the voluntary security behavior. Furthermore, participants with high long-term orientation and strong positive attitudes toward the security action actually adopted password manager applications 57 per cent more than the average adoption rate across the sample.

Due to the research approach (survey data), security context and sample population, the research results may lack generalizability.

The findings suggest that security awareness messaging and training should account for differences in long-term orientation of the target audience and integrate the distinctly different types of messages that have been shown to improve an individual’s participation in voluntary security actions.

The paper addresses previous research calls for examining possible cultural differences that impact security behaviors and is the only study that has focused on the impact of long-term orientation, specifically on voluntary security actions.

The purpose of this paper is to focus on a potential tradeoff between security and usability in people’s use of online passwords – in general, complex passwords are secure and desirable but difficult to use (i.e. difficult to memorize) whereas simple passwords are easy to use, but are insecure and undesirable. Construal level theory (CLT) explains how high vs low construal level causes people to focus on “desirability” vs “feasibility” of an action, which in the research context can translate into the “security” vs “usability” of using passwords.

The authors conducted a series of three laboratory experiments manipulating people’s construal level and investigating its impact on password use.

The authors found that people who were induced to think at a high construal level created or showed intention to choose stronger passwords relative to people who were induced to think at a low construal level. Furthermore, this effect was also significantly different from the control group who did not receive any experimental treatment. In addition, the authors found that perspective taking targeted at the desirability of creating a strong password further strengthened the effect of a high construal level on intended password choice.

This research makes several contributions to existing literature on password security. First, this research offers CLT as a theoretical lens to explain an individual’s thinking and behavior concerning online password use. Second, this research offers empirical evidence that a high construal level improves users’ password use, a desirable feature for improved security. Third, this research contributes to the literature on how to apply nudging to influence human behavior toward more desirable, stronger, password use. Finally, our research identifies PT as a factor enhancing the positive effect of a high construal level on online users’ password use.

This paper aims to present reports of widespread security breaches that reveal the personal information and passwords of thousands, or even millions, of people that are now unfortunately commonplace.

In an increasingly digital world, often the only thing protecting an individual’s information is a password or other similar security measure.

Libraries have an important role to play in confronting this issue, both as mediators of digital literacies and as organizations that typically require passwords from their patrons.

In addition to providing access to services through passwords, libraries set their own policies.

This column will explore the evolving technological landscape and review tools libraries can use to help patrons keep their information safe.

The purpose of this study is to understand user perceptions and misconceptions regarding security tools. Security and privacy-preserving tools (for brevity, the authors term them as “security tools” in this paper, unless otherwise specified) are designed to protect the security and privacy of people in the digital environment. However, inappropriate use of these tools can lead to unexpected consequences that are preventable. Hence, it is significant to examine why users do not understand the security tools.

The authors conducted a qualitative study with 40 participants in the USA to investigate the prevalent misconceptions of people regarding security tools, their perceptions of data access and the corresponding impact on their usage behavior and data protection strategies.

While security vulnerabilities are often rooted in people’s internet usage behavior, this study examined user’s mental models of the internet and unpacked how the misconceptions about security tools relate to those mental models.

Based on the findings, this study offers recommendations highlighting the design aspects of security tools that need careful attention from researchers and industry practitioners, to alleviate users’ misconceptions and provide them with accurate conceptual models toward the desired use of security tools.

This study aims to examine the impact of cultural familiarity with images on the memorability of recognition-based graphical password (RBG-P).

The researchers used a between-group design with two groups of 50 participants from China and the Kingdom of Saudi Arabia, using a webtool and two questionnaires to test two hypotheses in a four-week long study.

The results showed that culture has significant effects on RBG-P memorability, including both recognition and recall of images. It was also found that the login success rate depreciated quickly as time progressed, which indicates the memory decay and its effects on the visual memory.

Collectively, these results can be used to design universal RBG-Ps with maximal password deflection points. For better cross-cultural designs, designers must allow users from different cultures to personalize their image selections based on their own cultures.

The RBG-P interfaces developed without consideration for users’ cultures may lead to the construction of passwords that are difficult to memorize and easy to attack. Thus, the incorporation of cultural images is indispensable for improving the authentication posture.

The development of RBG-P with cultural considerations will make it easy for the user population to remember the password and make it more expensive for the intruder to attack.

This study provides an insight for RBG-P developers to produce a graphical password platform that increases the memorability factor.

The purpose of this paper is to reveal the lived experiences of dyslexics in engaging with all kinds of alphanumeric authentication mechanisms.

A significant proportion of the world’s population experiences some degree of dyslexia, which can lead to spelling, processing, sequencing and retention difficulties. Passwords, being essentially sequences of alphanumeric characters, make it likely that dyslexics will struggle with these, even more so than the rest of the population. Here, this study explores the difficulties people with dyslexia face, their general experiences with passwords, the coping strategies they use and the advice they can provide to developers and others who struggle with passwords. This paper collects empirical data through semi-structured interviews with 13 participants. Thematic analysis was used to provide an in-depth view of each participant’s experience.

The main contribution of this paper is to provide evidence related to the inaccessibility dimensions of passwords as an authentication mechanism, especially for dyslexics and to recommend a solution direction.

There is a possible volunteer bias, as this study is dealing with self-reported data including historical and reflective elements and this paper is seeking information only from those with self-declared or diagnosed dyslexia. Furthermore, many expressed interest or curiosity in the relationship between dyslexia and password difficulties, for some a motivation for their participation. Finally, given that the participants told us that dyslexics might hide, it is possible that the experiences of those who do hide are different from those who chose to speak to us and thus were not hiding.

A few authors have written about the difficulties dyslexics face when it comes to passwords, but no one has asked dyslexics to tell them about their experiences. This paper fills that gap.

Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords.

The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet.

The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model.

On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

A comparison was made between CDS/ISIS, its Windows version WINISIS, and InMagic’s INMAGIC and DB/TextWorks software. Packages were evaluated for their database creation, information retrieval and report production capabilities. Windows versions were found to provide significant enhancements over DOS versions of software. The evaluation aimed to determine the advantages to a developing country of creating bibliographic databases using commercial software.

The purpose of this paper is to address the design, implementation, performance and limitations of an environment that emulates a secure element for rapid prototyping and debugging. Today, it is difficult for developers to get access to a near field communication (NFC)-secure element in current smartphones. Moreover, the security constraints of smartcards make in-circuit emulation and debugging of applications impractical. Therefore, an environment that emulates a secure element brings significant advantages for developers.

The authors' approach to such an environment is the emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android Dalvik VM), as this would facilitate the use of existing debugging tools. As the operation principle of the Java Card VM is based on persistent memory technology, the VM and applications running on top of it have a significantly different life cycle compared to other Java VMs. The authors evaluate these differences and their impact on Java VM-based Java Card emulation. They compare possible strategies to overcome the problems caused by these differences, propose a possible solution and create a prototypical implementation to verify the practical feasibility of such an emulation environment.

While the authors found that the Java Card inbuilt persistent memory management is not available on other Java VMs, they present a strategy to model this persistence mechanism on other VMs to build a complete Java Card run-time environment on top of a non-Java Card VM. Their analysis of the performance degradation in a prototypical implementation caused by additional effort put into maintaining persistent application state revealed that the implementation of such an emulation environment is practically feasible.

This paper addresses the problem of emulating a complete Java Card run-time environment on top of non-Java Card virtual machines which could open and significantly ease the development of NFC secure element applications.