Top

Published in:

2020 | OriginalPaper | Chapter

Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining

Authors : Joakim Kävrestad, Marcus Nohlberg

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In this paper, we describe and evaluate how the learning framework ContextBased MicroTraining (CBMT) can be used to assist users to create strong passwords. Rather than a technical enforcing measure, CBMT is a framework that provides information security training to users when they are in a situation where the training is directly relevant. The study is carried out in two steps. First, a survey is used to measure how well users understand password guidelines that are presented in different ways. The second part measures how using CBMT to present password guidelines affect the strength of the passwords created. This experiment was carried out by implementing CBMT at the account registration page of a local internet service provider and observing the results on user-created passwords. The results of the study show that users presented with passwords creation guidelines using a CBMT learning module do understand the password creation guidelines to a higher degree than other users. Further, the experiment shows that users presented with password guidelines in the form of a CBMT learning module do create passwords that are longer and more secure than other users. The assessment of password security was performed using the zxcvbn tool, developed by Dropbox, that measures password entropy.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Improving Big Data Clustering for Jamming Detection in Smart Mobility

next chapter Facilitating Privacy Attitudes and Behaviors with Affective Visual Design

Kävrestad, J., Eriksson, F., Nohlberg, M.: Understanding passwords–a taxonomy of password creation strategies. Inf. Comput. Secur. 27(3), 453–467 (2019)CrossRef

Wang, C., Jan, S.T., Hu, H., Bossart, D., Wang, G.: The next domino to fall: empirical analysis of user passwords across online services. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. ACM (2018)

Woods, N., Siponen, M.: Too many passwords? How understanding our memory can increase password memorability. Int. J. Hum. Comput. Stud. 111, 36–48 (2018)CrossRef

Brumen, B.: Security analysis of game changer password system. Int. J. Hum. Comput. Stud. 126, 44–52 (2019)CrossRef

Shay, R., et al.: Designing password policies for strength and usability. ACM Trans. Inf. Syst. Secur. 18(4), 1–34 (2016)CrossRef

Petsas, T., Tsirantonakis, G., Athanasopoulos, E., Ioannidis, S.: Two-factor authentication: is the world ready?: Quantifying 2FA adoption. In: Proceedings of the Eighth European Workshop on System Security. ACM (2015)

Das, S., Dingman, A., Camp, L.J.: Why Johnny doesn’t use two factor a two-phase usability study of the FIDO U2F security key. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 160–179. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6_9CrossRef

Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium (1999)

Weirich, D., Sasse, M.A.: Pretty good persuasion: a first step towards effective password security in the real world. In: Proceedings of the 2001 Workshop on New Security Paradigms. ACM (2001)

10.

Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T.: Information security conscious care behaviour formation in organizations. Comput. Secur. 53, 65–78 (2015)CrossRef

11.

Kävrestad, J., Skärgård, M., Nohlberg, M.: Users perception of using CBMT for information security training. In: Human Aspects of Information Security & Assurance (HAISA 2019) Nicosia (2019)

12.

Kävrestad, J., Nohlberg, M.: Using context based micro training to develop OER for the benefit of all. In: Proceedings of the 15th International Symposium on Open Collaboration. ACM (2019)

13.

Hedin, A.: Lärande på hög nivå. Uppsala Universitet (2006)

14.

Knowles, M.S.: Andragogy in Action: Applying Principles of Adult Learning. Jossey-Bass, San Farancisco (1984)

15.

Herrington, J., Oliver, R.: Critical characteristics of situated learning: implications for the instructional design of multimedia (1995)

16.

Parsons, K., Butavicius, M., Lillie, M., Calic, D., McCormac, A., Pattinson, M.: Which individual, cultural, organisational and inerventional factors explain phishing resilience? In: Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, UK. University of Plymouth (2018)

17.

Wang, M., Xiao, J., Chen, Y., Min, W.: Mobile learning design: the LTCS model. In: 2014 International Conference on Intelligent Environments (IE). IEEE (2014)

18.

McLoughlin, C., Lee, M.: Mapping the digital terrain: new media and social software as catalysts for pedagogical change. Ascilite Melbourne (2008)

19.

Bruck, P.A., Motiwalla, L., Foerster, F.: Mobile learning with micro-content: a framework and evaluation. In: Bled eConference, vol. 25 (2012)

20.

Koedinger, K.R., Kim, J., Jia, J.Z., McLaughlin, E.A., Bier, N.L.: Learning is not a spectator sport: doing is better than watching for learning from a MOOC. In: 2015 Proceedings of the Second ACM Conference on Learning@ Scale. ACM (2015)

21.

Boud, D., Feletti, G.: The Challenge of Problem-Based Learning. Psychology Press, Routledge (2013)CrossRef

22.

Kävrestad, J., Nohlberg, M.: Online fraud defence by context based micro training. In: HAISA (2015)

23.

Werme, J.: Security awareness through micro-training: an initial evaluation of a context based micro-training framework (2014)

24.

Furnell, S., Esmael, R., Yang, W., Li, N.: Enhancing security behaviour by supporting the user. Comput. Secur. 75, 1–9 (2018)CrossRef

25.

Microsoft. Security Identifier (2019). https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers#security-identifier-architecture. Accessed 2019

26.

Yahoo: Password tips (n.d.). https://safety.yahoo.com/Security/STRONG-PASSWORD.html

27.

Apple. Security and your Apple ID. (n.d.) https://support.apple.com/en-us/HT201303. Accessed 12 Sept 2019

28.

Grassi, P., et al.: NIST special publication 800–63b: digital identity guidelines. National Institute of Standards and Technology (NIST) (2017)

29.

ENISA. Authentication Methods (n.d.). https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/authentication-methods. Accessed 04 Oct 2019

30.

ISO/IEC, Information technology - Security techniques - Code of practice for information security controls. ISO/IEC (2017)

31.

Kävrestad, J., Lennartsson, M., Birath, M., Nohlberg, M.: Constructing secure and memorable passwords. Inf. Comput. Secur. https://doi.org/10.1108/ICS-07-2019-0077

32.

Lincoln, Y.S., Guba, E.G.: Naturalistic Inquiry, vol. 75. Sage (1985)

33.

Schrittwieser, S., Mulazzani, M., Weippl, E.: Ethics in security research which lines should not be crossed? In: Security and Privacy Workshops (SPW), IEEE (2013)

34.

Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: USENIX Security Symposium (2016)

35.

XDCD Carnavalet, Mannan, M.: A large-scale evaluation of high-impact password strength meters. ACM Trans. Inf. Syst. Secur. (TISSEC) 18(1), 1 (2015)

36.

Dropbox: Low-Budget Password Strength Estimation (2019). https://github.com/dropbox/zxcvbn. Accessed 07 Oct 2019

37.

Siponen, M.T.: Five dimensions of information security awareness. SIGCAS Comput. Soc. 31(2), 24–29 (2001)CrossRef

38.

Mendes, M., Pala, A.: Type I error rate and power of three normality tests. Pak. J. Inf. Technol. 2(2), 135–139 (2003)CrossRef

39.

McKnight, P.E., Najab, J.: Mann-Whitney U test. Corsini Encycl. Psychol. 1 (2010)

Title: Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining
Authors: Joakim Kävrestad
Marcus Nohlberg
Publisher: Springer International Publishing
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-030-58200-5

Electronic ISBN: 978-3-030-58201-2

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-58201-2_7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner