9 research outputs found
Assessing Relative Weights of Authentication Components: An Expert Panel Approach
Organizations rely on password-based authentication methods to control access to many Web-based systems. In a recent study, we developed a benchmarking instrument to assess the authentication methods used in these contexts. The development of our instrument included an extensive literature foundation and an expert panel assessment. This paper reports on the development of the instrument and the expert panel assessment. The initial draft of the instrument was derived from literature to assess 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. Following this, the criteria within the index were evaluated by an expert panel, and the same panel provided opinions on the relative weights of the criteria and the measures. The expert panel results were collected and analyzed using Multi-Criteria Decision Analysis (MCDA) techniques. We conclude with discussions on how the criteria were assembled, how the expert panel was conducted, and the results from the panel. The results reported include the relative weights within the password usage and password reset measures as well as the relative weights of the three measures within the index.
Modeling Online Passwords Protection Intention
Using the Protection Motivation Theory, the paper tests a model of password protection intention of online users. Hypotheses are proposed concerning the intention to engage in good password practice. Data were collected from 182 college students who use the Internet. The result suggests that fear, response cost and response efficacy are significantly related to online password protection intention. However, perceived severity and vulnerability are not significant predictors. The study suggests that reducing cognitive costs for passwords is imperative.
The Forgotten Password: A Solution to Selecting, Securing and Remembering Passwords
Internet passwords are required of us more and more. Personal experience and research show us that it is difficult to create and remember unique passwords that meet security requirements. This study tested a unique method of password generation based on a selection of mnemonic aids aimed at increasing the usability, security and memorability of passwords. Fifty-one engineers, accountants and university students aged between 17 and 61 years participated in the study. They were randomly assigned to one of three groups: mnemonic, self-selection and random. All passwords in the study had to meet the following criteria: they had to be unique, at least eight characters long with a mixture of letters and numbers, and not include complete words or personal identifiers, sequential or repetitive numbers, and the passwords could not be written down or recorded anywhere. The mnemonic group created passwords based on a variety of mnemonic processes, the self-selection group generated passwords that complied with the above criteria, and the random group was assigned random passwords generated by the experimenter. Password recall was tested online once a week for three weeks, and then the passwords were renewed, with participants staying within the same groups for the length of the study. The second password was tested weekly for three weeks, then the passwords were renewed for the third and final time and tested for a further three weeks. The expectation was that the use of mnemonics in password creation would improve accurate recall of passwords, more so than if the password was 'self-selected' or a random password was assigned. The results showed that participants in the mnemonic group were able to accurately recall all three passwords significantly more often than participants in the self-selection and random groups. Furthermore, passwords created by the mnemonic group were more secure than passwords created by the self-selection group, as the passwords they generated had a greater number of characters in them, a slightly larger alphabet size, and a higher degree of entropy. The results are discussed in terms of the practical relevance of the findings.
Study of a system at an insurance institution in the Portuguese market
The greatest assets of an insurance institution are its customers' data, since it is through these that the company's policies and objectives are planned and extended. These data are considered critical or confidential, as in the case of names, addresses, health data and claims, and must be protected against internal threats (fraud, usage errors) and external threats (information theft). Information leakage represents serious losses for an institution, with damage ranging from loss of reputation to the alienation of customers, partners and even employees, legal proceedings and financial damage. Thus, the use of strong passwords, with strict rules for their management that are known throughout the company, is important for maintaining Information Security.
As a general rule, an employee authorized to consult certain information gains entry to these databases by authenticating with a User Name and a Password entered into a system. Password management falls under Operational Risk, which is associated with an organization's daily activities, involving processes, people and systems, and which is nowadays considered important for healthy business management and not merely all non-quantifiable risk, as it was considered some years ago.
The objective of this work is to analyze the password management process at an insurer operating in Portugal, that is, which processes and rules the company has for its employees to create their passwords. The threats that password systems face in general will also be analyzed, and it will be examined in what ways this organization protects itself against these threats and how the existing risks can be mitigated, through improving existing processes or implementing new solutions.