Analyzing the usage of character groups and keyboard patterns in password creation

Author:

Kävrestad Joakim,Zaxmy Johan,Nohlberg Marcus

Abstract

Purpose Using passwords to keep account and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination as data has to be decrypted to be analyzed. This paper seeks to look into how users that actively encrypt data construct their passwords to benefit the forensics community. Design/methodology/approach The study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment were passwords created on a local website was analyzed during account creation. Further a survey was used to gather data that was used to identify differences in password behavior between user that actively encrypt their data and other users. Findings The result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users. Originality/value This paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing patterns-based passwords when performing password-guessing attacks against encrypted data.

Publisher

Emerald

Subject

Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems

Reference33 articles.

1. Security analysis of game changer password system;International Journal of Human-Computer Studies,2019

2. Amazon's mechanical turk: a new source of inexpensive, yet high-quality, data?;Perspectives on Psychological Science : a Journal of the Association for Psychological Science,2011

3. Password cracking based on special keyboard patterns;International Journal of Innovative Computing, Information and Control,2012

4. Das, S., Dingman, A. and Camp, L.J. (2018), “Why Johnny doesn’t use two factor a two-phase usability study of the fido u2f security key”, Paper presented at the Proceedings of the International Conference on Financial Cryptography and Data Security.

Cited by 3 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. Dynamically Generate Password Policy via Zipf Distribution;IEEE Transactions on Information Forensics and Security;2022

2. How Does Social Behavior Affect Your Password?;IEEE Network;2021-09

3. Studies of Keyboard Patterns in Passwords: Recognition, Characteristics and Strength Evolution;Information and Communications Security;2021

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3