Understanding passwords – a taxonomy of password creation strategies

Kävrestad, Joakim; Eriksson, Fredrik; Nohlberg, Marcus

doi:10.1108/ics-06-2018-0077

Cited by 7 publications

(6 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The overall aim of this study was to identify ways for users to create passwords that are computationally secure and easy to remember. First, the password creation strategies suggested by Kävrestad et al (2019) were analyzed to identify the strategies that support the creation of memorable passwords. While there is no comprehensive study conducted with the aim of analyzing the memory aspect of all possible password creations strategies, there is a lot of literature available on the topic.…”

Section: Discussionmentioning

confidence: 99%

“…The password creation strategies taken into account in this study are based on Kävrestad et al (2019), which describes the following password creation strategies: User-generated passwords, which are passwords created by a user. System-generated passwords, which are passwords generated by the software.…”

Section: Methodsmentioning

confidence: 99%

“…The purpose of this paper was to research methods for the creation of passwords that are usable and computationally secure by identifying cognitive password creation strategies that can be used to create memorable passwords that are also computationally secure. The paper users the password creation strategies listed by Kävrestad et al (2019) and has not considered any other possible password creation strategies. Should any new cognitive password creation strategies arise, the methodology applied in this paper could be applied to that strategy to evaluate the new strategies against the strategies evaluated in this paper.…”

Section: Limitations Of This Workmentioning

confidence: 99%

“…The purpose of this study is to meet the problem just described by looking for cognitive password creation strategies that can be used to create memorable passwords that are also computationally secure. The different password creation strategies described by Kävrestad et al (2019) are taken into consideration in this study. First, a structured literature review is performed to identify the strategies that can help users create memorable passwords.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Constructing secure and memorable passwords

Kävrestad

Lennartsson

Birath

et al. 2020

ICS

Self Cite

View full text Add to dashboard Cite

Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remain the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to find strategies that allow for the generation of passwords that are both memorable and computationally secure. Design/methodology/approach The study began with a literature review that was used to identify cognitive password creation strategies that facilitate the creation of passwords that are easy to remember. Using an action-based approach, attack models were created for the resulting creation strategies. The attack models were then used to calculate the entropy for passwords created with different strategies and related to a theoretical cracking time. Findings The result of this study suggests that using phrases with four or more words as passwords will generate passwords that are easy to remember and hard to attack. Originality/value This paper considers passwords from a socio-technical approach and provides insight into how passwords that are easy to remember and hard to crack can be generated. The results can be directly used to create password guidelines and training material that enables users to create usable and secure passwords.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Limitations Of This Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Constructing secure and memorable passwords

Kävrestad

Lennartsson

Birath

et al. 2020

ICS

Self Cite

View full text Add to dashboard Cite

show abstract

“…As our dependence on digital services increases so does our need for information security, and a key aspect of information security is security behavior including the ability to select good passwords to protect our social media accounts, work accounts, encrypted data and more. However, there is a wealth of papers demonstrating that users tend to select passwords that are easy to guess for an attacker [1][2][3]. Practitioners, as well as researchers, continuously try to find ways to make users select good passwords, by enforcing complexity rules or using different support systems [4,5].…”

Section: Introductionmentioning

confidence: 99%

Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining

Kävrestad

Nohlberg

2020

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

In this paper, we describe and evaluate how the learning framework ContextBased MicroTraining (CBMT) can be used to assist users to create strong passwords. Rather than a technical enforcing measure, CBMT is a framework that provides information security training to users when they are in a situation where the training is directly relevant. The study is carried out in two steps. First, a survey is used to measure how well users understand password guidelines that are presented in different ways. The second part measures how using CBMT to present password guidelines affect the strength of the passwords created. This experiment was carried out by implementing CBMT at the account registration page of a local internet service provider and observing the results on user-created passwords. The results of the study show that users presented with passwords creation guidelines using a CBMT learning module do understand the password creation guidelines to a higher degree than other users. Further, the experiment shows that users presented with password guidelines in the form of a CBMT learning module do create passwords that are longer and more secure than other users. The assessment of password security was performed using the zxcvbn tool, developed by Dropbox, that measures password entropy.

show abstract

ContextBased MicroTraining: A Framework for Information Security Training

Kävrestad¹,

Nohlberg²

2020

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

This paper address the emergent need for training measures designed to improve user behavior in regards to security. We do this by proposing a framework for information security training that has been developed for several years and over several projects. The result is the framework ContextBased MicroTraining (CBMT) which provides goals and guidelines for how to better implement information security training that supports the user in the situation where the user needs support. CBMT has been developed and tested for use in higher education as well as for the support of users during passwords creation. This paper presents version 1.0 of the framework with the latest refinements.

show abstract

Understanding passwords – a taxonomy of password creation strategies

Cited by 7 publications

References 24 publications

Constructing secure and memorable passwords

Constructing secure and memorable passwords

Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining

ContextBased MicroTraining: A Framework for Information Security Training

Contact Info

Product

Resources

About