Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/understanding-passwords-a-taxonomy-of-password-creation-strategies-WJPDbgzskI
References (37)
-
Yen-Long Lee, Yu-Po Cheng, Soon-Jyh Chang, Hsin-Wen Ting (2018)
A Fast and Jitter-Modulation Free Jitter Tolerance Estimation Technique for Bang- Bang CDRsIEEE Design & Test, 35
-
K. Blashki, S. Nichol (2005)
Game geek's goss: linguistic creativity in young males within an online university forum (94/\/\3 933k’5 9055oneone), 3
-
F. Freiling, Tobias Groß, Tobias Latzo, Tilo Müller, Ralph Palutke (2018)
Advances in Forensic Data AcquisitionIEEE Design & Test, 35
-
Improving usability of passphrase authentication. Privacy, security and trust (PST)
-
S. Schrittwieser, M. Mulazzani, E. Weippl (2013)
Ethics in security research which lines should not be crossed?2013 IEEE Security and Privacy Workshops
-
Nigel Ross (2006)
Writing in the Information AgeEnglish Today, 22
-
Joakim Kävrestad (2017)
Guide to Digital Forensics: A Concise and Practical Introduction -
(2005)
Organisational security culture: embedding security awareness, education and training -
Chao Shen, Tianwen Yu, Haodi Xu, Gengshan Yang, X. Guan (2016)
User practice in password security: An empirical study of real-life passwords in the wildComput. Secur., 61
-
Arvind Narayanan, Vitaly Shmatikov (2005)
Fast dictionary attacks on passwords using time-space tradeoff -
Penetration testing: concepts, attack methods, and defense strategies. Systems, applications and technology conference (LISAT)
-
M. Denis, Carlos Zena, T. Hayajneh (2016)
Penetration testing: Concepts, attack methods, and defense strategies2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT)
-
C. Kuo, Sasha Romanosky, L. Cranor (2006)
Human selection of mnemonic phrase-based passwords -
M. Fahdi, N. Clarke, S. Furnell (2013)
Challenges to digital forensics: A survey of researchers & practitioners attitudes and opinions2013 Information Security for South Africa
-
S. Garfinkel (2010)
Digital forensics research: The next 10 yearsDigit. Investig., 7
-
Nickson Karie, H. Venter (2015)
Taxonomy of Challenges for Digital ForensicsJournal of Forensic Sciences, 60
-
Rayne Reid, J. Niekerk, K. Renaud (2014)
Information security culture: A general living systems theory perspective2014 Information Security for South Africa
-
(1997)
1997 Signature based password authentication method. Systems, man, and cybernetics, 1997 computational cybernetics and simulation -
E. Stobert, R. Biddle (2014)
The Password Life Cycle: User Behaviour in Managing Passwords -
M. Golla, Benedict Beuscher, Markus Dürmuth (2016)
On the Security of Cracking-Resistant Password VaultsProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
-
A. Kyaw, Franco Sioquim, J. Joseph (2015)
Dictionary attack on Wordpress: Security and forensic analysis2015 Second International Conference on Information Security and Cyber Forensics (InfoSec)
-
M. Zviran, William Haga (1990)
Passwords Security: An Exploratory Study -
Shiva Houshmand, S. Aggarwal (2017)
Using Personal Information in Targeted Grammar-Based Probabilistic Password Attacks -
R. Morris, K. Thompson (1979)
Password security: a case historyCommun. ACM, 22
-
(2017)
Password contruction guidelines -
C. Wang, Steve Jan, Hang Hu, Douglas Bossart, G. Wang (2018)
The Next Domino to Fall: Empirical Analysis of User Passwords across Online ServicesProceedings of the Eighth ACM Conference on Data and Application Security and Privacy
-
Blase Ur, F. Noma, Jonathan Bees, Sean Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, L. Cranor (2015)
"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab -
E. Tatli (2015)
Cracking More Password Hashes With PatternsIEEE Transactions on Information Forensics and Security, 10
-
Eva Vincze (2016)
Challenges in digital forensicsPolice Practice and Research, 17
-
Darren Sawyer (1990)
The Characteristics of User-Generated Passwords -
Dan Wheeler (2016)
zxcvbn: Low-Budget Password Strength Estimation -
D. Florêncio, Cormac Herley (2007)
A large-scale study of web password habits -
Anupam Das, Joseph Bonneau, M. Caesar, N. Borisov, Xiaofeng Wang (2014)
The Tangled Web of Password Reuse -
G. Nielsen, Michael Vedel, C. Jensen (2014)
Improving usability of passphrase authentication2014 Twelfth Annual International Conference on Privacy, Security and Trust
-
K. Wagner (2016)
Digital Evidence And Computer Crime Forensic Science Computers And The Internet -
M. Zviran, William Haga (1990)
A Comparison of Password Techniques for Multilevel Authentication MechanismsComput. J., 36
-
Saranga Komanduri (2016)
Modeling the Adversary to Evaluate Password Strength With Limited Samples
- Publisher
- Emerald Publishing
- Copyright
- © Emerald Publishing Limited
- ISSN
- 2056-4961
- DOI
- 10.1108/ics-06-2018-0077
- Publisher site
- See Article on Publisher Site
Abstract
Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords.Design/methodology/approachThe study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet.FindingsThe result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model.Originality/valueOn an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.
Journal
Information and Computer Security – Emerald Publishing
Published: Jun 19, 2019
Keywords: Computer security; Strategies; Passwords; Classification; Categorization