Fig 2 - available via license: Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported
Source publication
It is very common for users to create weak passwords. Currently, the majority of websites deploy password strength meters to provide timely feedback. These meters are in wide use and their effects on the security of passwords have been relatively well studied. In this paper another type of feedback is studied: a gamified approach supported by fear...
Contexts in source publication
Context 1
... form of this system, with the typical inputs of a password change form, is presented in fig. 1. In this system the only restriction for the password is minimum length (8 characters). Users do not receive any other information or suggestions about the password. An advanced form of this system, referred to as the gamified form, is presented in fig. 2. The system consists of three elements: a graphic theme, a password change form (the same as in fig. 1) and a secure password guide. The most significant element, the gamified part (the so-called graphic theme) consists of three elements: the indicator of password strength (from 0 to 5), a text Scientific Journal of PNA comment ...
Context 2
... an e-mail address they had to provide real data existing in the system database. After session 1 participants were asked again to change a password but this time in the gamified form (available at edug.pl/password.php?form=game&lang=en) presented in fig. 2. They were informed by the lecturer that they could select a graphic theme and that during the typing of the password two blocks of information would be presented: suggestions about password security and the time it would take to break the password. Students were informed that during both sessions, passwords ...
Citations
... There are three primary approaches to estimating password strength. The first traditional approach uses the password's complexity to determine its strength, such as using the Shannon entropy or statistical methods based on certain simple conventions such as the password length and the sort of symbols or characters used (e.g., uppercase, lowercase, or digits) [10][11][12][13][14][15]. However, many studies have proven that the password-entropy metric is only useful for analyzing the strength of randomly generated passwords, not for gauging the strength of user-chosen passwords [16,17]. ...
Computer security depends mainly on passwords to protect human users from attackers. Therefore, manual and alphanumerical passwords are the most frequent type of computer authentication. However, creating these passwords has significant drawbacks. For example, users often tend to choose passwords based on personal information so that they can be memorable and therefore weak and guessable. In contrast, a password that is difficult to guess is often difficult to remember. We propose an intelligent security model for password generation and estimation to address these problems using the ensemble learning approach and hand gesture features. This paper proposes two intelligent stages: the first is the password generation stage based on the ensemble learning approach and the proposed S-Box. The second is the password strength estimation stage, also based on the ensemble learning approach. Four well-known classifiers are used: Multi-Layer Perceptron (MLP), Support Vector Machine (SVM), Random Forest Tree (RFT), and AdaBoost applied on two datasets: MNIST images dataset and password strength dataset. The experimental results showed that the hand gesture and password strength classification processes accurately performed at 99% in AUC, Accuracy, F1-measures, Precision, and Recall. As a result, the extracted features of hand gestures will directly impact the complexity of generated passwords, which are very strong, hard to guess, and memorable.
Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectiveness are varied. An extensive literature review revealed that, besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger password choices and (b) additional guidance. A between-subjects study was carried out with 645 participants to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This study explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a hybrid password meter, was generally more efficacious than either intervention on its own, on all three metrics. Yet, the type of feedback nudge targeting either the person, the password creation task, or the social context, did not seem to matter much. The meters were nearly equally efficacious. Future work should explore the long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.