Password Knowledge Versus Password Management

Victor N. Adama*, Noel Moses Dogonyaro**, Victor L. Yisa***, Baba Meshach****, Ekundayo Ayobami*****
*,***** Lecturer, Department of Computer Science, Federal University of Technology, Minna, Nigeria.
**-***,**** Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.
Periodicity:September - November'2018
DOI : https://doi.org/10.26634/jcom.6.3.15697

Abstract

User authentication is one of the most important security characteristics of any system given today's globalized digital life style. The safety and security of sensitive data, privacy and also critical infrastructure relies primarily on authentication. Amongst all authentication schemes, text-based passwords are the most deployed across various platforms, thus the importance of evaluating user password management practice cannot be overemphasized. This research, via, a case study aimed at establishing the theoretical password knowledge in comparison to actual password management practice of staff and students from Information Technology (IT) inclined departments of the Federal University of Technology, Minna. Results from the survey reveal that the target respondents are knowledgeable on good password management policies. However, actual password practice results by the respondents showed that they do not comply and effectively implement the theoretical password knowledge they possess. Thus it can be concluded that there is a significant difference between what respondents know compared to their actual practice. Numerous implications abound when this is the case as it makes users more vulnerable to security risks of unauthorized access by unauthorized users.

Keywords

Authentication, Password, Password Knowledge, Password Practice

How to Cite this Article?

Adama, V. N., Dogonyaro, N. M., Yisa, V. L., Meshach, B., Ayobami, E. (2018). Password Knowledge Versus Password Management Practice a Case Study Federal University of Technology, Minna, i-manager's Journal on Computer Science, 6(3),16-24. https://doi.org/10.26634/jcom.6.3.15697

References

[1]. Blanchard, J. (2014). Weak passwords put millions at risk of bank accounts and other information being hacked online. Mirror. Retrieved from http://www.mirror.co. uk/news/technologyscience/technology/weak-passwords- put-millionsrisk-4439460
[2]. Chiasson, S., Forget, A., Stobert, E., van Oorschot, P. C., & Biddle, R. (2009, November). Multiple password interference in text passwords and click-based graphical passwords. In Proceedings of the 16th ACM Conference on Computer and Communications Security (pp. 500- 511). ACM.
[3]. De Angeli, A., Coventry, L., Johnson, G., & Renaud, K. (2005). Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, 63(1-2), 128-152.
[4]. Florêncio, D., Herley, C., & Van Oorschot, P. C (2014). An administrator's guide to internet password research. In Proceedings of the 28th USENIX Large Installation System Administration Conference (pp. 35-52).
[5]. Fredericks, D. T., Futcher, L. A., & Thomson, K. L. (2016). Comparing Student Password Knowledge and behavior: A case Study. In Proceedings of the Tenth International Symposium on Human Aspects of Information and Assurance (HAISA 2016) (pp. 167-178).
[6]. Helkala, K., & Bakås, T. H. (2014). Extended results of Norwegian password security survey. Information Management & Computer Security, 22(4), 346-357.
[7]. Kelley, P. G., Komanduri, S., Mazurek, M. L., Shay, R., Vidas, T., Bauer, L., ... & Cranor, L. F. (2013, April). The impact of length and mathematical operators on the usability and security of system-assigned one-time PINs. In International Conference on Financial Cryptography and Data Security (pp. 34-51). Springer, Berlin, Heidelberg.
[8]. McDowell, M., Rafail, J., & Hernan, J. (2009). Choosing and protecting passwords. US-CERT Cyber Security Tip ST04-002. Retrieved from https://www.us-cert. gov/ncas/tips/ST04-002
[9]. Microsoft (2013). Maximum password age. Retrieved from https://technet.microsoft.com/enus/library/ hh994573(v=ws.10).aspx
[10]. Notoatmodjo, G. (2007). Exploring the 'weakest link': A study of personal password security (Doctoral Dissertation, University of Auckland).
[11]. Renaud, K., Mayer, P., Volkamer, M., & Maguire, J. (2013, September). Are graphical authentication mechanisms as strong as passwords? In Computer Science and Information Systems (FedCSIS), 2013 Federated Conference on (pp. 837-844). IEEE.
[12]. Ritó, E. (2018). Smart Cities for a better world. Central European Publications, 2(41), 42-53.
[13]. Stobert, E., & Biddle, R. (2014). The password life cycle: User behaviour in managing passwords. In Symposium on Usable Privacy and Security (SOUPS), Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (pp. 243-255).
[14]. Slain, M (2016). Announcing Our Worst Passwords of 2015. In TeamsID. Retrieved from http://www.teamsid. com/worst-passwords-2015
[15]. University of Illinois (2014). Why you should use different passwords. University of Illinois. Retrieved from https://security.illinois.edu/content/why-you-should-use-different- passwords
If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Single Article

North Americas,UK,
Middle East,Europe
India Rest of world
USD EUR INR USD-ROW
Online 15 15

Options for accessing this content:
  • If you would like institutional access to this content, please recommend the title to your librarian.
    Library Recommendation Form
  • If you already have i-manager's user account: Login above and proceed to purchase the article.
  • New Users: Please register, then proceed to purchase the article.