The light side of passwords: Turning motivation from the extrinsic to the intrinsic research in progress

There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark side phenomena, including security technostress; with many users feeling negatively towards them, as they struggle to cope with the sheer numbers required in their everyday lives. Much research has attempted to understand users’ interactions with passwords, examining the trade-off between security, memorability, user convenience, and suggesting techniques to manage them better. However, users continue to struggle. Many studies have shown that users are more concerned with goals other than security, such as convenience and memorability. Therefore, we need to offer another reason that will entice users to engage with the password process more securely. In this study, we suggest that engaging with the password process (creating, learning and recalling passwords) well, is similar to memory training. Therefore, we propose that the “light side” of passwords – the positive reason for properly creating and learning strong passwords, and recalling them successfully, will improve users’ memories for passwords and memory functioning in general. Consequently, changing their motivation from an extrinsic goal to an intrinsic goal – improved memory functioning

Evaluating the Usability of a Multilingual Passphrase Policy

The literature shows that users struggle to generate secure passwords. This has led to systems administrators implementing password expiry policies that burden and frustrate users. This study explores the security and usability of a multilingual passphrase policy, as multilingualism has the potential to enhance security. A total of 224 participants were invited to participate in an experiment to generate and recall short passwords and multilingual passphrases. The findings of this study show that, although a multilingual passphrase policy made passphrase generation slightly more difficult, its use motivated users to generate unique memorable passphrases. Arguably, repeated use of passphrases promotes memorability and cognitive fluency. Furthermore, the multilingual passphrases in this study proved to be stronger than those reported in the literature

TOWARDS ASSESSING PASSWORD WORKAROUNDS AND PERCEIVED RISK TO DATA BREACHES FOR ORGANIZATIONAL CYBERSECURITY RISK MANAGEMENT TAXONOMY

Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. Despite users being more aware of password entropy, users still often participate in deviant password behaviors also known as ‘password workarounds’ or ‘shadow security’. These deviant password behaviors can put individuals and organizations at risk resulting in data privacy issues, data loss, and ultimately a data breach incident. In this paper, we outline a research-in-progress study to build a risk taxonomy for organizations based on the to identify the risks associated with deviant password behaviors technique based on the constructs of users’ perceived cybersecurity risk of data breaches resulting from PassWord WorkArounds (PWWA) techniques. Additionally, this study aims to empirically assess significant mean difference between Subject Matter Experts (SMEs) and employees on their perceived cybersecurity risk of data breaches resulting from the deviant password behaviors and frequency of PWWA techniques usage

Authentication Schemes\u27 Impact on Working Memory

Authentication is the process by which a computing system validates a user’s identity. Although this process is necessary for system security, users view authentication as a frequent disruption to their primary tasks. During this disruption, primary task information must be actively maintained in working memory. As a result, primary task information stored in working memory is at risk of being lost or corrupted while users authenticate. For over two decades, researchers have focused on developing more memorable passwords by replacing alphanumeric text with visual graphics (Biddle et al., 2012). However, very little attention has been given to the impact authentication has on working memory. A recent exploratory study suggests that working memory can be disrupted during graphical authentication (Still & Cain, 2019). In this study, we take the next step by controlling for task difficulty and contrasting performance with conventional password-based authentication. Baddeley’s model was employed to examine the impact of authentication on verbal, visuospatial, and central executive working memory (Baddeley & Hitch, 1974). Our findings may help designers select authentication systems that minimize adverse effects on users’ critical primary task performance. For instance, we revealed that conventional passwords do not have a greater negative impact on verbal primary task information compared to graphical passcodes. We also replicated findings reported by Still and Cain (2019), where visuospatial was least impaired by authentication. These findings are not intuitive, highlighting the need for further investigation of how authentication impacts primary task information in working memory

Unraveling the Relationship between Content Design and Kinesthetic Learning on Communities of Practice Platforms

As a variant of the sharing economy, Communities of Practice (CoP) platforms have allowed kinesthetic learners to acquire skillsets corresponding to their interests for immediate or future use in practice. However, the impact of digital learning content design on kinesthetic learning remains underexplored in the field of information systems. We hence extend prior research by advancing content richness and structure clarity as antecedents affecting kinesthetic learners’ digestibility of contents, culminating in differential kinesthetic learning effects. To substantiate our arguments, we collected data from a leading Chinese recipe sharing platform. Whereas content richness was measured in terms of readability, verb richness, and prototypicality, structure clarity was operationalized as block structure, block quantity, and block regularity. Employing a machine learning model, we simulated and tested learners’ digestibility of image content embodied within recipes. Plans for future research beyond the current study are also discussed

Passphrase and keystroke dynamics authentication: security and usability

It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation

An Empirical Assessment of the Use of Password Workarounds and the Cybersecurity Risk of Data Breaches

Passwords have been used for a long time to grant controlled access to classified spaces, electronics, networks, and more. However, the dramatic increase in user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. The increased use of IS as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as ‘password workarounds’ or ‘shadow security.’ These deviant password behaviors can put individuals and organizations at risk, resulting in data privacy. This study, engaging 303 IS users and 27 Subject Matter Experts (SMEs), focused on designing, developing, and empirically validating Password Workaround Cybersecurity Risk Taxonomy (PaWoCyRiT)—a model supported on perceived cybersecurity risks from Password Workarounds (PWWA) techniques and their usage frequency. A panel of SMEs validated the PWWA list from existing literature with recommended adjustments. Additionally, the perception level of the cybersecurity risks of each technique was measured from the 27 SMEs and 303 IS users. They also provided their self-reported and reported on coworkers\u27 engagement frequencies related to the PWWA list. Noteworthy, significant differences were found between SMEs and IS users in their aggregated perceptions of cybersecurity risks of the PWWAs, with IS users perceiving higher risks. Engagement patterns varied between the groups, as well as factors like years of IS experience, gender, and job level had significant differences among groups. The PaWoCyRiT was developed to provide insights into password-related risks and behaviors

Design and Implementation of a Dynamic Web-based User Interface for the proCollab System Supporting Knowledge-intensive Business Processes

Globalization and the change to post-industrial societies have led to an increased value of knowledge-intensive processes. Areas creating and utilizing new knowledge, such as research and development are of high importance for today’s companies. In these areas, knowledge workers drive the creation of value in knowledge-intensive processes. However, there is still no established process-based support due to the dynamic nature of these processes. The latter requires a high level of communication and cooperation between all involved workers. The proCollab research project, hosted at Ulm University, aims to holistically support knowledge workers and knowledge-intensive processes. The concept of proCollab relies on the lifecycle-based task management in the context of processes. In particular, knowledge workers may use digital task lists to synchronize and coordinate their work more effectively. To demonstrate the capabilities of proCollab, a sophisticated proof-of-concept prototype has been developed. This work presents the design and implementation of the dynamic, web-based user interface of the current version of the proCollab prototype

A model for secure and usable passphrases for multilingual users

Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space