Encouraging users to improve password security and memorability

Security issues in text-based password authentication are rarely caused by technical issues, but rather by the limitations of human memory, and human perceptions together with their consequential responses. This study introduces a new user-friendly guideline approach to password creation, including persuasive messages that motivate and influence users to select more secure and memorable text passwords without overburdening their memory. From a broad understanding of human factors-caused security problems, we offer a reliable solution by encouraging users to create their own formula to compose passwords. A study has been conducted to evaluate the efficiency of the proposed password guidelines. Its results suggest that the password creation methods and persuasive message provided to users convinced them to create cryptographically strong and memorable passwords. Participants were divided into two groups in the study. The participants in the experimental group who were given several password creation methods along with a persuasive message created more secure and memorable passwords than the participants in the control group who were asked to comply with the usual strict password creation rules. The study also suggests that our password creation methods are much more efficient than strict password policy rules. The security and usability evaluation of the proposed password guideline showed that simple improvements such as adding persuasive text to the usual password guidelines consisting of several password restriction rules make significant changes to the strength and memorability of passwords. The proposed password guidelines are a low-cost solution to the problem of improving the security and usability of text-based passwords

Introducing a Machine Learning Password Metric Based on EFKM Clustering Algorithm

we introduce a password strength metric using Enhanced Fuzzy K-Means clustering algorithm (EFKM henceforth). The EFKM is trained on the OWASP list of 10002 weak passwords. After that, the optimized centroids are maximized to develop a password strength metric. The resulting meter was validated by contrasting with three entropy-based metrics using two datasets: the training dataset (OWASP) and a dataset that we collected from github website that contains 5189451 leaked passwords. Our metric is able to recognize all the passwords from the OWASP as weak passwords only. Regarding the leaked passwords, the metric recognizes almost the entire set as weak passwords. We found that the results of the EFKM-based metric and the entropy-based meters are consistent. Hence the EFKM metric demonstrates its validity as an efficient password strength checker

Pengembangan Sistem Informasi Terintegrasi UPT Balai Latihan Kerja Dinas Tenaga Kerja Dan Transmigrasi Jawa Timur

Unit Pelaksana Teknis Balai Latihan Kerja (UPT BLK) is a unit providing training services for job seeker underEmployment and Transmigration Services of East Java Province forspecific work areas. 16 Technical Execution Unit (UPT) and Job Training Center (BLK) under Employment and Transmigration Services serves job seekers through 177 training services. Currently, each UPT BLK runs itstraining services business process in a diverse way.The systems running in each UPT BLKs have not been integrated yetbetween other BLKs and Labor and Transmigration Services of East Java. This leads to non-standard services to the job seeker and the inability of UPT BLK and the Employment and Transmigration Services of East Java to share information quickly. This study aims to develop an integrated information system to implement training so that there is uniformity of service delivery for all UPT BLKs in the DisnakertransJatim by one-gate access. The research was developed using the Design Science Research methodology. A web-based integrated system for all UPT BLKs to assist the process of organizing training is chosen as its artifact. The method of focus group discussion, interviews, and observations throughout the application development process. Based on the results of the evaluation, it was found that 95% of respondents were very satisfied in terms of system usability and were greatly helped by the operational side of the system in completing their wor

Does Personality Traits and Security Habits Influence Security of Personal Identification Numbers? The Context of Mobile Money Services in Tanzania.

Security is an important ingredient in financial transactions; as such, it is imperative that attention should be paid to enhancing the security habits and user behaviours of mobile payment services. Establishing a link between security habits, personality characteristics, and security behaviours provides a new dimension to studying security behaviours regarding mobile money services. Therefore, this study investigates how personality traits affect security behaviours and habits and how security habits mediate the link between personality traits and PIN security practices. The study found that conscientiousness, openness to experience, extroversion and security habits influence PIN security practices, while conscientiousness, agreeableness, and neuroticism influence security habits. Further, the study found security habits mediate the relationships between conscientiousness, agreeableness, neuroticism and PIN security practices. The study has managerial consequences for the players in the mobile money services domain in addition to its theoretical ramifications

Security and usability of a personalized user authentication paradigm : insights from a longitudinal study with three healthcare organizations

Funding information: This research has been partially supported by the EU Horizon 2020 Grant 826278 "Securing Medical Data in Smart Patient-Centric Healthcare Systems" (Serums) , and the Research and Innovation Foundation (Project DiversePass: COMPLEMENTARY/0916/0182).This paper proposes a user-adaptable and personalized authentication paradigm for healthcare organizations, which anticipates to seamlessly reflect patients’ episodic and autobiographical memories to graphical and textual passwords aiming to improve the security strength of user-selected passwords and provide a positive user experience. We report on a longitudinal study that spanned over three years in which three public European healthcare organizations participated in order to design and evaluate the aforementioned paradigm. Three studies were conducted (n=169) with different stakeholders: i) a verification study aiming to identify existing authentication practices of the three healthcare organizations with diverse stakeholders (n=9); ii) a patient-centric feasibility study during which users interacted with the proposed authentication system (n=68); and iii) a human guessing attack study focusing on vulnerabilities among people sharing common experiences within location-aware images used for graphical passwords (n=92). Results revealed that the suggested paradigm scored high with regards to users’ likeability, perceived security, usability and trust, but more importantly it assists the creation of more secure passwords. On the downside, the suggested paradigm introduces password guessing vulnerabilities by individuals sharing common experiences with the end-users. Findings are expected to scaffold the design of more patient-centric knowledge-based authentication mechanisms within nowadays dynamic computation realms.PostprintPeer reviewe

An Empirical Assessment of the Use of Password Workarounds and the Cybersecurity Risk of Data Breaches

Passwords have been used for a long time to grant controlled access to classified spaces, electronics, networks, and more. However, the dramatic increase in user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. The increased use of IS as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as ‘password workarounds’ or ‘shadow security.’ These deviant password behaviors can put individuals and organizations at risk, resulting in data privacy. This study, engaging 303 IS users and 27 Subject Matter Experts (SMEs), focused on designing, developing, and empirically validating Password Workaround Cybersecurity Risk Taxonomy (PaWoCyRiT)—a model supported on perceived cybersecurity risks from Password Workarounds (PWWA) techniques and their usage frequency. A panel of SMEs validated the PWWA list from existing literature with recommended adjustments. Additionally, the perception level of the cybersecurity risks of each technique was measured from the 27 SMEs and 303 IS users. They also provided their self-reported and reported on coworkers\u27 engagement frequencies related to the PWWA list. Noteworthy, significant differences were found between SMEs and IS users in their aggregated perceptions of cybersecurity risks of the PWWAs, with IS users perceiving higher risks. Engagement patterns varied between the groups, as well as factors like years of IS experience, gender, and job level had significant differences among groups. The PaWoCyRiT was developed to provide insights into password-related risks and behaviors

Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems in South Africa

Information Scienc