Constructing secure and memorable passwords

Kävrestad, Joakim; Lennartsson, Markus; Birath, Marcus; Nohlberg, Marcus

doi:10.1108/ics-07-2019-0077

Cited by 10 publications

(5 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several researchers have been looking into ways to improve password authentication because moving to a new authentication method can be costly and there is always the possibility of changing some legacy systems that are not compatible with new authentication methods. Kävrestad et al [24] suggest creating passwords using four or more words; the words should form a phrase that is easy to remember. Users will lean towards usability instead of security and moving away from the default authentication method can be challenging for some users [25].…”

Section: Discussionmentioning

confidence: 99%

Attacking Windows Hello for Business: Is It What We Were Promised?

et al. 2023

View full text Add to dashboard Cite

Traditional password authentication methods have raised many issues in the past, including insecure practices, so it comes as no surprise that the evolution of authentication should arrive in the form of password-less solutions. This research aims to explore the problems that password authentication and password policies present and aims to deploy Windows Hello for Business (WHFB) on-premises. This includes creating three virtual machines (VMs) and evaluating WHFB as a password-less solution and showing how an attacker with privileged access may retrieve the end user’s domain password from the computer’s memory using Mimikatz and describing the possible results. The conducted research tests are in the form of two attack methods. This was feasible by the creation of three VMs operating in the following way. The first VM will act as a domain controller (DC) and certificate authority server (CA server). The second VM will act as an Active Directory Federation Service (ADFS). The third VM will act as the end-user device. The test findings research summarized that password-less authentication is far more secure than the traditional authentication method; this is evidenced throughout the author’s tests. Within the first test, it was possible to retrieve the password from an enrolled device for WHFB while it was still in the second phase of the deployment. The second test was a brute-force attack on the PIN of WHFB; since WHFB has measures to prevent such attacks, the attack was unsuccessful. However, even though the retrieval of the password was successful, there are several obstacles to achieving this outcome. It was concluded that many organizations still use password authentication as their primary authentication method for accessing devices and applications. Larger organizations such as Microsoft and Google support the adoption of password-less authentication for end-users, and the current usage of password-less authentication shared by both organizations is encouraged. This usually leads organizations to adopt this new solution for their IT infrastructure. This is because it has been used and tested by millions of people and has proven to be safe. This supports the findings of increased usage and the need for password-less authentication by today’s users.

show abstract

Section: Discussionmentioning

confidence: 99%

Attacking Windows Hello for Business: Is It What We Were Promised?

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Some experts have indicated that increasing memory load increases the chance of forgetting more items [106]. Remembering many different passwords is incompatible with human capabilities [107]. Thus, some users find a solution to this issue by relying on a password manager (i.e., one password for all).…”

Section: Password Rulesmentioning

confidence: 99%

Reviewing the Usability of Web Authentication Procedures: Comparing the Current Procedures of 20 Websites

Albesher

2023

Sustainability

View full text Add to dashboard Cite

A sustainable online environment is essential to protecting businesses from abuse and data breaches. To protect sustainability, websites’ authentication procedures should continuously keep up with new technologies and the ways in which these technologies are used. Thus, a continuous assessment of these authentication procedures is required to ensure their usability. This research aimed to compare the status of the sign-up, sign-in, and password recovery processes on 20 websites. The researcher checked every website in a separate session and used the “think-aloud” technique while recording the screen to ensure accurate data analysis. Specific items were checked during every session to detect the similarities and differences between the tested websites in their authentication processes. The results led to valuable discussions and recommendations for improving authentication procedures. Some of these recommendations include best practices for better design of password rules, determining when two-factor authentication should be compulsory, and understanding how to improve password reset processes and keep accounts secure.

show abstract

“…However, a system-assigned password has been proposed as a solution to the security issue of user-chosen passwords. Different studies have reported that randomly assigned passwords are secure but difficult to remember [68]. Moreover, another study has proven a significantly low memorability rate of system-assigned passphrases than that of user-generated and mnemonic-guided passphrases [43].…”

Section: ) Recognition-based Textual Passwords (Human Memory and Word...mentioning

confidence: 99%

Usability and Security of Knowledge-based Authentication Systems: A State-of-the-Art Review

Wasfi¹,

Stone²

2023

IJACSA

View full text Add to dashboard Cite

Knowledge-based passwords are still the most dominant authentication method for securing digital platforms and services, in spite of the emergence of alternative systems such as token-based and biometric systems. This method has remained the most popular one mostly because of its usability, compatibility, affordability of implementation, and user familiarity. However, the main challenge of knowledge-based password schemes lies in creating passwords that provide a balance between memorability and security. This research aimed to compare various knowledgebased schemes in order to establish a strategy that provided high memorability and resilience to most cyberattacks. The overview of this research identifies areas of knowledge-based passwords for further research and enhances the methodology that helps to offer insight into usable, secure, and sustainable authentication approaches. Future work has been recommended to explore the major features and drawbacks of recognition-based textual passwords because this method provides the usability and security benefits of graphical passwords with the familiarity of textual passwords.

show abstract

Constructing secure and memorable passwords

Cited by 10 publications

References 27 publications

Attacking Windows Hello for Business: Is It What We Were Promised?

Attacking Windows Hello for Business: Is It What We Were Promised?

Reviewing the Usability of Web Authentication Procedures: Comparing the Current Procedures of 20 Websites

Usability and Security of Knowledge-based Authentication Systems: A State-of-the-Art Review

Contact Info

Product

Resources

About