The Development of a Password Classification Model

Source
Journal of Information System Security
Volume 14, Number 1 (2018)
Pages 31–46
ISSN 1551-0123
Authors
Joakim Kävrestad — University of Skövde, Sweden
Fredrik Eriksson — University of Skövde, Sweden
Marcus Nohlberg — University of Skövde, Sweden
Publisher
Information Institute Publishing, Washington DC, USA

Abstract

In order to ensure that we are the only ones who can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even though there are several other ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users employ when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied to 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords, and they can be used as a tool in education and training, as well as in future research.

Keywords

Passwords, Categorization, Classification, Strategies, Model