Factors Affecting Password Manager Adoption among European University Students

Password is the most common method of proving the identity on various online services. More and more sensitive information gets stored online: banking details, healthcare data, educational and corporate data. Due to the increasing amount of accounts, users face the challenge of creating and remembering various passwords of high complexity. To deal with such challenges and improve password management practices, security professionals suggest the use of password managers, also known as password managers. However, this tool has not gained much popularity among the end-users. The purpose of this thesis is to identify and examine the factors that may affect the adoption of password managers. In this regard, I have proposed a research model based on the Unified Theory of Acceptance and Use of Technology (UTAUT) and Task Technology Fit (TTF) models. Data (N=265) was collected from students enrolled at one of European universities using a online survey. For this purpose, data was collected using mailing lists and Facebook page of a crowdsourcing site. PLS-SEM was used to test the proposed model with a usable data set of N= 265.analyze the data sample collected with the means of a questionnaire. The results of the analysis show that performance expectancy and social influence affect behavioral intentions. Task technology fit, facilitating conditions, and behavioral intentions directly affect password manager adoptions, while performance expectancy, social influence, effort expectancy, and technology characteristics are the main factors that affect password manager adoption among European students indirectly

Securely Handling Inter-Application Connection Credentials

The utilization of application-to-application (A2A) credentials within interpretive language scripts and application code has long been a security risk. The quandaries being how to protect and secure the credentials handled in the main body of code and avoid exploitation from rogue programmers, system administrators and other users with authorized high levels of privilege. Researchers report that A2A credentials cannot be protected and that there is no way to reduce the risk of the inevitable successful attack and subsequent exploit. Therefore, research efforts to date have primarily been focused on mitigating the impact of the attack rather than finding ways to reduce the attack surface. The work contained herein successfully addresses this serious cross-cutting concern and proves that it is in fact possible to significantly reduce the risk of attack. This reduction of risk was accomplished through implementing a method of credential obfuscation which applied advice with concerns utilizing a composition filter. The filter modified messages containing the credentials as they were sent from the interpretive language script to the remote data store. The modification extracted credentials from a secure password vault and inserted them into the message being sent to the remote data store. This modification moved the handling of the credentials from the main body of code to a secure library and out of the reach of attackers with authorized high levels of privilege. The relocation of the credential handling code lines significantly reduced the attack surface and the overall risk of attack