Author:
Kävrestad Joakim, Zaxmy Johan, Nohlberg Marcus
Abstract
Purpose
Using passwords to keep accounts and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination, as data has to be decrypted to be analyzed. This paper seeks to look into how users who actively encrypt data construct their passwords, to benefit the forensics community.
Design/methodology/approach
The study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment in which passwords created on a local website were analyzed during account creation. Further, a survey was used to gather data that was used to identify differences in password behavior between users who actively encrypt their data and other users.
Findings
The result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users.
Originality/value
This paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing pattern-based passwords when performing password-guessing attacks against encrypted data.
Subject
Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems
Cited by
3 articles.