1,969 research outputs found

    Naturally Rehearsing Passwords

    We introduce quantitative usability and security models to guide the design of password management schemes --- systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography are based on complexity-theoretic assumptions (e.g., hardness of factoring and discrete logarithm), we quantify usability by introducing usability assumptions. In particular, password management relies on assumptions about human memory, e.g., that a user who follows a particular rehearsal schedule will successfully maintain the corresponding memory. These assumptions are informed by research in cognitive science and validated through empirical studies. Given rehearsal requirements and a user's visitation schedule for each account, we use the total number of extra rehearsals that the user would have to do to remember all of his passwords as a measure of the usability of the password scheme. Our usability model leads us to a key observation: password reuse benefits users not only by reducing the number of passwords that the user has to memorize, but more importantly by increasing the natural rehearsal rate for each password. We also present a security model which accounts for the complexity of password management with multiple accounts and associated threats, including online, offline, and plaintext password leak attacks. Observing that current password management schemes are either insecure or unusable, we present Shared Cues --- a new scheme in which the underlying secret is strategically shared across accounts to ensure that most rehearsal requirements are satisfied naturally while simultaneously providing strong security. The construction uses the Chinese Remainder Theorem to achieve these competing goals.

    So Much Promise, So Little Use: What is Stopping Home End-Users from Using Password Manager Applications?

    In this paper, we investigate the voluntary use of password management applications in order to address a decades-old and ubiquitous information security problem related to poor password management. In our exploratory analysis, we investigate two related issues: (1) why home end-users chose not to use password management applications and (2) why high behavioral intentions to use password management applications did not always lead to actual usage for certain users. We found that issues related to the technology such as lack of trust or memory limitations, individual issues such as perceived costs and benefits, and a lack of concern about the threat (threat apathy) were the primary inhibitors of lack of use. For those that had high intentions to use a password management application but failed to actually use the software, we found that a variety of individual issues such as lack of immediacy and having insufficient time were the primary inhibitors leading to this breakdown.

    Evaluation of Professional Cloud Password Management Tools

    Strong passwords have been preached for decades. However, a lot of the regular users of IT systems resort to simple and repetitive passwords, especially nowadays in the “service era”. To help alleviate this problem, a new class of software grew popular: password managers. Since their introduction, password managers have slowly been migrating into the cloud. In this paper we review and analyze current professional password managers in the cloud. We discuss several functional and non-functional requirements to evaluate existing solutions and we sum up their strengths and weaknesses. The main conclusion is that a silver bullet solution is not available yet and that this type of tool still deserves a significant research effort from the privacy and security community.

    Back to School Know-How

    Fee-based online databases such as Lexis-Nexis and Dialog are trying to attract a new crop of librarians by offering free training and enhanced password management.

    ORACLE DATABASE SECURITY

    This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typical DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user accounts that require a login password to be authenticated to access the data.

    Keywords: data security, password administration, Oracle HTTP Server, OracleAS, access control

    A Replication Study of User Motivation in Protecting Information Security using Protection Motivation Theory and Self Determination Theory

    Securing one’s data and protecting important information from various security threats are essential tasks for all end users, whether they be home users or organizational users. The motivation for doing so, however, may be entirely different for these two user populations. In 2017, Menard et al. conducted a study of home end users’ behavioral intentions regarding the installation of password management software using Self-Determination Theory (SDT), Protection Motivation Theory (PMT), and an integrated SDT-PMT model. This methodological replication study replicated those model comparisons to test organizational users’ behavioral intentions. We surveyed more than 300 organizational users who did not have password management software installed on their devices. We found support to suggest that, while both home and organizational users are significantly motivated by PMT- and SDT-enabled appeals, organizational users are significantly more motivated than their home user counterparts to install password management software when exposed to SDT-embedded appeals. We believe this outcome is the result of the multi-faceted sense of accountability (to themselves, their coworkers, and their organization) that organizational users experience but home users do not. This methodological replication of Menard et al. (2017) provided an opportunity to expose this multi-faceted view of accountability among organizational users and offers a foundation for future research to delve more closely into the nature of accountability in this context.