Access Control
Published in Wayne Patterson, Cynthia E. Winston-Proctor, Behavioral Cybersecurity, 2020
Wayne Patterson, Cynthia E. Winston-Proctor
In particular, we have examined five of these candidates for password meters. In each case, the meter is available through a particular website, the user is encouraged to enter a test password, and a report is generated for the user as to the password meter’s judgment of the strength of the password. We designate them as (A) https://passwordmeter.com; (B) https://lastpass.com/howsecure.php; (C) https://my1login.com/resources/password-strength-test/; (D) https://thycotic.com/resources/password-strength-checker/; and (E) https://howsecureismypassword.net/.
Cybersecurity and Risk
Published in Diego Galar Pascual, Pasquale Daponte, Uday Kumar, Handbook of Industry 4.0 and SMART Systems, 2019
Diego Galar Pascual, Pasquale Daponte, Uday Kumar
A “single password” system with enforced strong passwords can be a good solution for enterprise authentication and authorization. Such a system provides high authentication security and granular authorization, and is easier to administer. With this system, a user’s strong single password is synchronized with many applications and systems enterprise-wide for authentication and authorization. All enterprise systems and applications automatically refer authentication and authorization functions to the single password system. Users only have to remember one strong password, making the system simple to use and not likely to be bypassed. The advantages of a single-password system are:
- Single consistent method for setting passwords.
- Single consistent method for authentication and authorization.
- Single method for registration and termination of user accounts.
- Enforcement of corporate password strength guidelines.
- Consistency: users know what to do.
- Standardization: easy to support and adopt.
- Fast: standard interface and APIs.
- Lower costs, lower help calls.
Combinatorics
Published in Paul L. Goethals, Natalie M. Scala, Daniel T. Bennett, Mathematics in Cyber Research, 2022
Note that password strength is an attribute of the password space rather than the password itself. In general, we measure the strength of a password by enumerating the smallest reasonable space containing it—for example, all lowercase letters, letters and special characters, or dictionary words followed by digits.
Nudging users towards better security decisions in password creation using whitebox-based multidimensional visualisations
Published in Behaviour & Information Technology, 2022
Katrin Hartwig, Christian Reuter
Current studies on nudging in cybersecurity focus mostly on uni- or two-dimensional visualisations, for example by displaying black-box password meters. Ur et al. (2016, p. 3757) state that ‘targeted, data-driven feedback during password creation’ is promising to assist users in creating stronger passwords. Hence, password meters appear to be an appropriate concept at first glance. However, different studies suggest contradictory findings regarding their effectiveness. On the one hand, researchers criticise that most current password meters just tell end-users if a password is weak without giving reasons (Ur et al. 2016). Renaud et al. (2017) evaluated different password nudges in an online experiment (N=1.273). Among others, they tested a dynamic password strength meter showing where on the x-axis the users’ password is located. Similar to common meters, it showed only aggregated information, not revealing details about concrete dimensions. The tested nudges did not affect password strength. On the other hand, different studies have found that meters can yield stronger passwords. In an experiment with several meters, Egelman et al. (2013) found that meters can lead to stronger passwords when forcing users to change passwords on important accounts. As a conclusion, blackbox-based password meters have in some cases proven to be effective.
Hybrid password meters for more secure passwords – a comprehensive study of password meters including nudges and password information
Published in Behaviour & Information Technology, 2023
Verena Zimmermann, Karola Marky, Karen Renaud
The question remains: ‘What makes password meters effective?’ To answer this higher-level question, a systematic literature review was conducted as a first research step. Analysing 42 publications that described 108 different password meter variants revealed that password meters seem to be effective when they include: (a) password strength feedback, (b) some kind of visual feedback nudge (e.g. a social comparison), and (c) additional password creation guidance. This combination is termed a hybrid password meter in this paper.
Energy-efficient distributed password hash computation on heterogeneous embedded system
Published in Automatika, 2022
Branimir Pervan, Josip Knezović, Emanuel Guberović
It is interesting to define password strength in terms of a very common attack method, the brute force attack, which attempts to find passwords by trying every possible combination in a given character set. Stronger passwords take a longer time to be cracked with brute force attacks, as more combinations need to be checked before the correct one is found. In general, password strength can be linked to the information content or entropy of the password, and both the length and the size of the character set affect its value.
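The following is an added example, not code from any of the works excerpted above. It applies the "smallest reasonable space" measure from the Combinatorics excerpt together with the entropy and brute-force view of the last excerpt. The five-word list, the set of modelled spaces and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample word list (assumption); a real meter would use a large dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "letmein"}
SPECIALS = string.punctuation  # the 32 ASCII special characters

def candidate_spaces(password, words=SAMPLE_WORDS):
    """Yield (label, size) for every modelled space that contains the password."""
    n = len(password)
    charsets = [
        ("lowercase letters", string.ascii_lowercase),
        ("letters", string.ascii_letters),
        ("letters and digits", string.ascii_letters + string.digits),
        ("letters and special characters", string.ascii_letters + SPECIALS),
        ("printable ASCII", string.ascii_letters + string.digits + SPECIALS),
    ]
    for label, charset in charsets:
        if n and all(c in charset for c in password):
            yield label, len(charset) ** n  # |charset|^length combinations
    # Dictionary word followed by k digits: |words| * 10^k candidates.
    stem = password.rstrip(string.digits)
    k = n - len(stem)
    if stem in words:
        yield f"dictionary word + {k} digits", len(words) * 10 ** k

def strength(password, words=SAMPLE_WORDS):
    """Return (label, size, bits) for the smallest space containing the password."""
    spaces = list(candidate_spaces(password, words))
    if not spaces:
        raise ValueError("no modelled space contains this password")
    label, size = min(spaces, key=lambda s: s[1])
    return label, size, math.log2(size)

def worst_case_seconds(size, guesses_per_second):
    """Time to exhaust the whole space at a given guess rate (rate is an assumption)."""
    return size / guesses_per_second

if __name__ == "__main__":
    for pw in ("dragon2024", "qzvkxwpmtb", "Tr0ub&dor"):  # constructed samples
        label, size, bits = strength(pw)
        print(f"{pw!r}: {label}, {size} candidates, {bits:.1f} bits")
```

Both ten-character samples have the same length, yet the one that falls inside the "dictionary word followed by digits" space scores about 15.6 bits against about 47 bits for the random lowercase string, which is why the measure belongs to the space and not to the string.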