Understanding passwords – a taxonomy of password creation strategies. (8th July 2019)
- Record Type:
- Journal Article
- Title:
- Understanding passwords – a taxonomy of password creation strategies. (8th July 2019)
- Main Title:
- Understanding passwords – a taxonomy of password creation strategies
- Authors:
- Kävrestad, Joakim
Eriksson, Fredrik
Nohlberg, Marcus
- Abstract:
- Purpose: Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords. Design/methodology/approach: The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet. Findings: The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model. Originality/value: On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.
- Is Part Of:
- Information and computer security. Volume 27:Number 3(2019)
- Journal:
- Information and computer security
- Issue:
- Volume 27:Number 3(2019)
- Issue Display:
- Volume 27, Issue 3 (2019)
- Year:
- 2019
- Volume:
- 27
- Issue:
- 3
- Issue Sort Value:
- 2019-0027-0003-0000
- Page Start:
- 453
- Page End:
- 467
- Publication Date:
- 2019-07-08
- Subjects:
- Computer security -- Strategies -- Passwords -- Classification -- Categorization
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-06-2018-0077
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 10916.xml