4 research outputs found

    Password Cracking and Countermeasures in Computer Security: A Survey

    With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area.

    Machine Learning Based Prediction versus Human-as-a-Security-Sensor

    Phishing is one of the most common cyber threats in the world today. It is a type of social engineering attack where the attacker lures unsuspecting victims into carrying out certain tasks mostly to steal personal and sensitive information. These stolen information are exploited to commit further crimes e.g. blackmails, data theft, financial theft, malware installation etc. This study was carried out to tackle this problem by designing an anti-phishing learning algorithm to detect phishing emails and also to study the accuracies of human phishing prediction to machine prediction. A graphical user interface was designed to emulate an email-client system that popped-up a warning on detecting a phishing mail successfully and collection of predictions made by expert and non-expert users on anti-phishing techniques. These predictions were compared to the predictions made by the machine learning algorithm to compare the efficiencies of all predictions considered in this research. The performance of the classifier used was measured with metrics such as confusion matrix, accuracy, receiver operating characteristic curve and area under grap

    Empirical results of an experimental study on the role of password strength and cognitive load on employee productivity

    The demand for information system authentication has significantly increased over the last decade. Research has shown that the majority of user authentications remain to be password-based, however, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger with little consideration on the impact on employee productivity. Thus, this study was set to determine the effects of changing the password strength (cognitive load) over time and its impact on employee productivity. An experiment with two experimental groups and one control group was conducted. Data was collected on the number of failed operating system logon attempts, users’ logon times, task completion times, and number of reset requests. The data collected from 72 participants was analyzed for group differences and when controlling for computer experience, age, and gender. Our results showed significant differences on all measures between the three groups. However, no significant differences were observed when controlling for computer experience, age, and gender. Furthermore, the results indicated a significant difference between the user’s perceptions about passwords before and after the experiment. Our results may help organizations to realize the point at which increasing authentication places a higher cognitive load on the users, which in turn affects their productivity

    An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity

    The proliferation of information systems (IS) over the past decades has increased the demand for system authentication. While the majority of system authentications are password-based, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger. In addition to meeting a certain complexity threshold, the password must also be changed on a regular basis. As the cognitive load increases on the employees using complex passwords and changing them often, they may have difficulty recalling their passwords. As such, the focus of this experimental study was to determine the effects of raising the cognitive load of the authentication strength for users upon accessing a system via increased strength for passwords requirements. This experimental research uncovered the point at which raising the authentication strength for passwords becomes counterproductive by its impact on end-user performances. To investigate the effects of changing the cognitive load (via different password strength) over time, a quasi-experiment was proposed. Data was collected in an effort to analyze the number of failed operating system (OS) logon attempts, users’ average logon times, average task completion times, and number of requests for assistance (unlock & reset account). Data was also collected for the above relationships when controlled for computer experience, age, and gender. This quasi-experiment included two experimental groups (Group A & B), and a control group (Group C). There was a total of 72 participants from the three groups. Additionally, a pretest-posttest experiment survey was administered before and after the quasi-experiment. Such assessment was done in an effort to see if user’s perceptions of password use would be changed by participating in this experimental study. 
The results indicated a significant difference between the user’s perceptions about passwords before and after the quasi-experiment. The Multivariate Analysis of Variance (MANOVA) and Multivariate Analysis of Covariate (MANCOVA) tests were conducted. The results revealed a significant difference on the number of failed logon attempts, average logon times, average task completion, and amount of request for assistance between the three groups (two treatment groups & the control group). However, no significant differences were observed when controlling for computer experience, age, and gender. This research study contributed to the body of knowledge and has implications for industry as well as for further study in the information systems domain. It contributed by giving insight into the point at which an increase of the cognitive load (via different password strengths) becomes counterproductive to the organization by causing an increase in number of failed OS logon attempts, users’ average logon times, average task completion times, and number of requests for assistance (unlock and reset account). Future studies may be conducted in the industry as results may differ from college students