i-manager Publications

Password Knowledge Versus Password Management

Victor N. Adama*, Noel Moses Dogonyaro**, Victor L. Yisa***, Baba Meshach****, Ekundayo Ayobami*****

*,***** Lecturer, Department of Computer Science, Federal University of Technology, Minna, Nigeria.

**-***,**** Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Periodicity:September - November'2018
DOI : https://doi.org/10.26634/jcom.6.3.15697

Abstract

User authentication is one of the most important security characteristics of any system given today's globalized digital life style. The safety and security of sensitive data, privacy and also critical infrastructure relies primarily on authentication. Amongst all authentication schemes, text-based passwords are the most deployed across various platforms, thus the importance of evaluating user password management practice cannot be overemphasized. This research, via, a case study aimed at establishing the theoretical password knowledge in comparison to actual password management practice of staff and students from Information Technology (IT) inclined departments of the Federal University of Technology, Minna. Results from the survey reveal that the target respondents are knowledgeable on good password management policies. However, actual password practice results by the respondents showed that they do not comply and effectively implement the theoretical password knowledge they possess. Thus it can be concluded that there is a significant difference between what respondents know compared to their actual practice. Numerous implications abound when this is the case as it makes users more vulnerable to security risks of unauthorized access by unauthorized users.

Keywords

Authentication, Password, Password Knowledge, Password Practice

How to Cite this Article?

Adama, V. N., Dogonyaro, N. M., Yisa, V. L., Meshach, B., Ayobami, E. (2018). Password Knowledge Versus Password Management Practice a Case Study Federal University of Technology, Minna, i-manager's Journal on Computer Science, 6(3),16-24. https://doi.org/10.26634/jcom.6.3.15697

References

[1]. Blanchard, J. (2014). Weak passwords put millions at risk of bank accounts and other information being hacked online. Mirror. Retrieved from http://www.mirror.co. uk/news/technologyscience/technology/weak-passwords- put-millionsrisk-4439460

[2]. Chiasson, S., Forget, A., Stobert, E., van Oorschot, P. C., & Biddle, R. (2009, November). Multiple password interference in text passwords and click-based graphical passwords. In Proceedings of the 16^th ACM Conference on Computer and Communications Security (pp. 500- 511). ACM.

[3]. De Angeli, A., Coventry, L., Johnson, G., & Renaud, K. (2005). Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, 63(1-2), 128-152.

[4]. Florêncio, D., Herley, C., & Van Oorschot, P. C (2014). An administrator's guide to internet password research. In Proceedings of the 28^th USENIX Large Installation System Administration Conference (pp. 35-52).

[5]. Fredericks, D. T., Futcher, L. A., & Thomson, K. L. (2016). Comparing Student Password Knowledge and behavior: A case Study. In Proceedings of the Tenth International Symposium on Human Aspects of Information and Assurance (HAISA 2016) (pp. 167-178).

[6]. Helkala, K., & Bakås, T. H. (2014). Extended results of Norwegian password security survey. Information Management & Computer Security, 22(4), 346-357.

[7]. Kelley, P. G., Komanduri, S., Mazurek, M. L., Shay, R., Vidas, T., Bauer, L., ... & Cranor, L. F. (2013, April). The impact of length and mathematical operators on the usability and security of system-assigned one-time PINs. In International Conference on Financial Cryptography and Data Security (pp. 34-51). Springer, Berlin, Heidelberg.

[8]. McDowell, M., Rafail, J., & Hernan, J. (2009). Choosing and protecting passwords. US-CERT Cyber Security Tip ST04-002. Retrieved from https://www.us-cert. gov/ncas/tips/ST04-002

[9]. Microsoft (2013). Maximum password age. Retrieved from https://technet.microsoft.com/enus/library/ hh994573(v=ws.10).aspx

[10]. Notoatmodjo, G. (2007). Exploring the 'weakest link': A study of personal password security (Doctoral Dissertation, University of Auckland).

[11]. Renaud, K., Mayer, P., Volkamer, M., & Maguire, J. (2013, September). Are graphical authentication mechanisms as strong as passwords? In Computer Science and Information Systems (FedCSIS), 2013 Federated Conference on (pp. 837-844). IEEE.

[12]. Ritó, E. (2018). Smart Cities for a better world. Central European Publications, 2(41), 42-53.

[13]. Stobert, E., & Biddle, R. (2014). The password life cycle: User behaviour in managing passwords. In Symposium on Usable Privacy and Security (SOUPS), Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (pp. 243-255).

[14]. Slain, M (2016). Announcing Our Worst Passwords of 2015. In TeamsID. Retrieved from http://www.teamsid. com/worst-passwords-2015

[15]. University of Illinois (2014). Why you should use different passwords. University of Illinois. Retrieved from https://security.illinois.edu/content/why-you-should-use-different- passwords

Password Knowledge Versus Password Management

Abstract

Keywords

How to Cite this Article?

References

If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Options for accessing this content:

	North Americas,UK, Middle East,Europe		India	Rest of world
	USD	EUR	INR	USD-ROW
Pdf	35	35	200	20
Online	35	35	200	15
Pdf & Online	35	35	400	25