Global ETD Search

41	Webbläsares inbyggda lösenordshanterare : Faktorer som påverkar privatpersoners användning/ickeanvändning av webbläsares inbyggda lösenordshanterare / Web-browsers built-in password managers : Factors affecting the use/non-use of browsers' built-in password managers by individuals Klaar, Jonathan, Masak, Allen January 2021 (has links) Kunskap om lösenord och deras säkerhet är idag något som förbises av den gemene datoranvändaren. Lösenordshanterare kan både hjälpa och skydda vid hanteringen av lösenord. De flesta webbläsare idag har inbyggda funktioner för lösenordshantering. Utifrån existerande litteratur kunde det identifieras att det behövs data kring vilka faktorer som påverkar webbläsares användare att använda respektive inte använda dessa inbyggda lösenordshanterare. Syftet med rapporten är att presentera en analys av faktorer som påverkar varför privatpersoner väljer att använda respektive inte använda webbläsares inbyggda lösenordshanterare. Resultatet presenteras med hjälp av kvalitativa semi-strukturerade intervjuer där 33 respondenter deltagit och besvarat frågor kring deras hantering av lösenord och användning av webbläsares inbyggda lösenordshanterare. Resultat från intervjuer visade att faktorer som var av betydande roll för ickeanvändande respondenter var starkt kopplade till datorvana och hur ofta respondenter använde datorn. De faktorer som spelade störst roll för användare av verktyget var enkelhet och tidseffektivitet. Icke-användare tenderade att ha en behovsbrist gällande verktyget, mestadels på grund av deras avsaknad av datoranvändning. Faktorer som påverkar användare och icke-användare visade sig stämma överens med tidigare forskning. Dessutom sammanfattades att antalet respondenter som var användare av lösenordshanterare var betydligt högre än vad som tidigare hävdats i litteratur. Majoriteten av respondenterna (79%) var användare av lösenordshanterare, vilket motsäger tidigare studier som utförts där endast 23% använder sig av lösenordshanterare. / Knowledge of passwords and their security is today something that is overlooked by the everyday computer user. Password managers can both help and protect when managing passwords. Most web browsers today have built-in password management features. Based on existing literature, it could be identified that there is a need for knowledge concerning which factors influence web browser users to use or not use their built-in password managers. The purpose of the report is to present an analysis of factors that affect why private individuals choose to use or not use browsers built-in password managers. The results are presented with the help of qualitative semi-structured interviews in which 33 respondents participated and answered questions about their handling of passwords and the use of web browsers built-in password managers. Results from the interviews showed that factors that were significant for non-user respondents were strongly linked to computer skills and how often respondents used the computer. The factors that played the biggest role for users of the tool were simplicity and time efficiency. Non-users tended to have a lack of need for the tool, mostly because of their lack of computer usage. Factors affecting users and non-users were found to be consistent with previous research. In addition, it was concluded that the number of respondents who were users of password managers was significantly higher than previously claimed in the literature. The majority of respondents (79%) were users of password managers, which contradicts previous studies conducted where only 23% use password managers. Password management technical security informational security web browsers builtin password managers password security master password memorization Lösenordshantering teknisk säkerhet informationssäkerhet lösenordssäkerhet huvudlösenord memorering Information Systems
42	Settings Protection Add-on: A User-Interactive Browser Extension to Prevent the Exploitation of Preferences Seelam, Venkata Naga Siva 19 May 2017 (has links) No description available. Computer Science Browser Preferences Add-on Master password SDK add-ons
43	Lösenordshantering vid svenska sjukhus Gisle, Olivia, Nilsson, Joel January 2018 (has links) Syftet med denna uppsats är att ta reda på hur svenska sjukhus efter lever de riktlinjer som finns om lösenordshantering. För att ta reda på detta har riktlinjer och forskning samlats in om området som har jämförts med vårdpersonals svar om efterlevnad som skickats ut. Områden som behandlades var delning, sparande, byten och styrka av lösenord samt om de anställda blev informerade om riktlinjer gällande lösenordshantering på arbetsplatsen. Efter analys av resultatet nåddes slutsatsen att lösenordshantering efterlevandes olika bra beroende på vilket område det gällde. Lösenordens styrka var generellt bra och de byttes ofta, men informerande av de anställde, sparande och delning av lösenord skedde inte enligt de riktlinjer som finns. / The purpose of this essay is to find out whether or not Swedish hospitals follow the available guidelines regarding password management. To find out the answer guidelines and previous studies were collected and compared to answers about following password guidelines made by employees at participating hospitals. Areas that were covered were, sharing, saving, changing and strength of passwords and if the employees had been informed about the guidelines regarding password management at the workplace. After analysis of the result the conclusion was made that whether or not the hospitals followed the guidelines depended on the covered area. The strength of the passwords were generally good and they were changed often, but informing the employees about guidelines, saving and sharing of passwords did not follow the guidelines. hospital password following guidelines password management sjukhus lösenord efterlevnad av riktlinjer lösenordshantering Information Systems
44	Distribuovaná obnova hesel s využitím nástroje hashcat / Distributed Password Recovery Using Hashcat Tool Zobal, Lukáš January 2018 (has links) The aim of this thesis is a distributed solution for password recovery, using hashcat tool. The basis of this solution is password recovery tool Fitcrack, developed during my previous work on TARZAN project. The jobs distribution is done using BOINC platform, which is widely used for volunteer computing in a variety of scientific projects. The outcome of this work is a tool, which uses robust and reliable way of job distribution across a local or the Internet network. On the client side, fast and efficient password recovery process takes place, using OpenCL standard for acceleration of the whole process with the use of GPGPU principle.
45	Factors Affecting Employee Intentions to Comply With Password Policies Anye, Ernest Tamanji 01 January 2019 (has links) Password policy compliance is a vital component of organizational information security. Although many organizations make substantial investments in information security, employee-related security breaches are prevalent, with many breaches being caused by negative password behavior such as password sharing and the use of weak passwords. The purpose of this quantitative correlational study was to examine the relationship between employees’ attitudes towards password policies, information security awareness, password self-efficacy, and employee intentions to comply with password policies. This study was grounded in the theory of planned behavior and social cognitive theory. A cross-sectional survey was administered online to a random sample of 187 employees selected from a pool of qualified Qualtrics panel members. Participants worked for organizations in the United States and were aware of the password policies in their own organizations. The collected data were analyzed using 3 ordinal logistic regression models, each representing a specific measure of employees’ compliance intentions. Attitudes towards policies and password self-efficacy were significant predictors of employees’ intentions to comply with password policies (odds ratios ≥ 1.257, p < .05), while information security awareness did not have a significant impact on compliance intentions. With more knowledge of the controllable predictive factors affecting compliance, information security managers may be able to improve password policy compliance and reduce economic loss due to related security breaches. An implication of this study for positive social change is that a reduction in security breaches may promote more public confidence in organizational information systems. Employee Compliance Information Security Policies Intention to Comply Password Policy Password Self-efficacy Security Awareness Databases and Information Systems
46	The trends in the offline password-guessing field : Offline guessing attack on Swedish real-life passwords / Trenderna inom fältet för offline-gissning av lösenord : Offline-gissningsattack på svenska verkliga lösenord Zarzour, Yasser, Alchtiwi, Mohamad January 2023 (has links) Password security is one of the most critical aspects of IT security, as password-based authentication is still the primary authentication method. Unfortunately, our passwords are subject to different types of weaknesses and various types of password-guessing attacks. The first objective of this thesis is to provide a general perception of the trends in offline password-guessing tools, methods, and techniques. The study shows that the most cited tools are Hashcat, John the Ripper, Ordered Markov ENumerator (OMEN), and PassGan. Methods are increasingly evolving and becoming more sophisticated by emerging Deep Learning and Neural Networks. Unlike methods and tools, techniques are not subject to significant development, noting that dictionary and rule-based attacks are at the top of used techniques. The second objective of this thesis is to explore to what extent Swedish personal names are used in real-life passwords. Hence, an experiment is conducted for this purpose. The experiment results show that about 26% of Swedish users use their personal names when they create passwords, making them vulnerable to easy guessing by password-guessing tools. Furthermore, a simple analysis of the resulting password recovery file is performed in terms of password length and complexity. The resulting numbers show that more than half of guessed passwords are shorter than eight characters, indicating incompliance with the recommendations from standard organizations. In addition, results show a weak combination of letters, digits, and special characters, indicating that many Swedish users do not maintain sufficient diversity when composing their passwords. This means less password complexity, making passwords an easy target to guess. This study may serve as a quick reference to getting an overview of trends in the password-guessing field. On the other side, the resulting rate of Swedish personal names in Swedish password leaks may draw the attention of active social actors regarding information security to improve password security measures in Sweden. / Lösenordssäkerhet är en av de mest kritiska aspekterna av IT-säkerhet eftersom lösenordsbaserad autentisering fortfarande är den viktigaste metoden för autentisering. Tyvärr är våra lösenord föremål för olika typer av svagheter och olika typer av lösenordsgissningsattacker. Det första syftet med detta arbete är att ge en allmän uppfattning om trenderna inom verktyg,metoder och tekniker angående offline lösenordsgissning. Studien visar att Hashcat, John the Ripper, Ordered Markov ENumerator OMEN och PassGan är de mest citerade verktygen. Medan metoderna alltmer utvecklas och blir mer sofistikerade genom framväxande “DeepLearning”, och “Neural Networks”. Till skillnad från metoder och verktyg är tekniker inte föremål för stor utveckling, och notera att “dictionary” attacker och “rule-based” attacker är överst bland använda tekniker. Det andra syftet är att utforska i vilken utsträckning svenska personnamn används i verkliga lösenord. Därför genomförs ett experiment för detta ändamål. Resultaten av experimentet visar att cirka 26 % av svenska användare använder sina personnamn när de skapar lösenord, vilket gör lösenord sårbara för enkel gissning med hjälp av lösenordsgissningsverktyg. Dessutom utförs en enkel analys av den resulterande lösenordsåterställningsfilen vad gäller lösenordslängd och komplexitet. De resulterande siffrorna visar att mer än hälften av de gissade lösenorden är kortare än åtta tecken, vilket är en indikation på att de inte följer rekommendationerna från standardorganisationer. Resultaten visar också en svag kombination av bokstäver, siffror och specialtecken vilket indikerar att många svenskar inte upprätthåller tillräcklig variation när de komponerar sina lösenord. Detta innebär mindre lösenordskomplexitet, vilket gör lösenord till ett mål för enkel gissning. Arbetet kan fungera som en snabbreferens för att få en överblick över trender inom lösenordsgissningsfältet. Å andra sidan kan den resulterande andelen svenska personnamn i svenska lösenordsläckor uppmärksamma de aktiva aktörerna i samhället gällande informationssäkerhet för att förbättra lösenordssäkerhetsåtgärderna i Sverige. Password security password-guessing tool password-guessing method password-guessing technique offline attack Swedish password leak Lösenordssäkerhet lösenordsgissningsverktyg lösenordsgissningsmetoder lösenordsgissningstekniker offline attack svenska lösenordsläckor Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Information Systems Other Computer and Information Science Annan data- och informationsvetenskap Probability Theory and Statistics Sannolikhetsteori och statistik Computer Systems Datorsystem
47	A shoulder-surfing resistant graphical password system Alesand, Elias, Sterneling, Hanna January 2017 (has links) The focus of this report is to discuss graphical password systems and how they can contribute to handle security problems that threaten authentication processes. One such threat is shoulder-surfing attacks, which are also reviewed in this report. Three already existing systems that are claimed to be shoulder-surfing resilient are described and a new proposed system is presented and evaluated through a user study. Moreover, the system is compared to the mentioned existing systems to further evaluate the usability, memorability and the time it takes to authenticate. The user study shows that test subjects are able to remember their chosen password one week after having registered and signed in once. It is also shown that the average time to sign in to the system after five minutes of practice is within a range of 3.30 to 5.70 seconds. The participants in the experiments gave the system an average score above 68 on the System Usability Scale, which is the score of an average system. shoulder-surfing resistant graphical password system guessing attacks graphical passwords recognition-based recall-based pure recall-based password security password space pictorial superiority effect brute-force attack dictionary attack hot-spots memorability graphical components authentication Computer Sciences Datavetenskap (datalogi)
48	An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity Mujeye, Stephen 01 January 2016 (has links) The proliferation of information systems (IS) over the past decades has increased the demand for system authentication. While the majority of system authentications are password-based, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger. In addition to meeting a certain complexity threshold, the password must also be changed on a regular basis. As the cognitive load increases on the employees using complex passwords and changing them often, they may have difficulty recalling their passwords. As such, the focus of this experimental study was to determine the effects of raising the cognitive load of the authentication strength for users upon accessing a system via increased strength for passwords requirements. This experimental research uncovered the point at which raising the authentication strength for passwords becomes counterproductive by its impact on end-user performances. To investigate the effects of changing the cognitive load (via different password strength) over time, a quasi-experiment was proposed. Data was collected in an effort to analyze the number of failed operating system (OS) logon attempts, users’ average logon times, average task completion times, and number of requests for assistance (unlock & reset account). Data was also collected for the above relationships when controlled for computer experience, age, and gender. This quasi-experiment included two experimental groups (Group A & B), and a control group (Group C). There was a total of 72 participants from the three groups. Additionally, a pretest-posttest experiment survey was administered before and after the quasi-experiment. Such assessment was done in an effort to see if user’s perceptions of password use would be changed by participating in this experimental study. The results indicated a significant difference between the user’s perceptions about passwords before and after the quasi-experiment. The Multivariate Analysis of Variance (MANOVA) and Multivariate Analysis of Covariate (MANCOVA) tests were conducted. The results revealed a significance difference on the number of failed logon attempts, average logon times, average task completion, and amount of request for assistance between the three groups (two treatment groups & the control group). However, no significant differences were observed when controlling for computer experience, age, and gender. This research study contributed to the body of knowledge and has implications for industry as well as for further study in the information systems domain. It contributed by giving insight into the point at which an increase of the cognitive load (via different password strengths) become counterproductive to the organization by causing an increase in number of failed OS logon attempts, users' average logon times, average task completion times, and number of requests for assistance (unlock and reset account). Future studies may be conducted in the industry as results by differ from college students. Information technology Access Control Authentication Cognitive Load Theory Password Complexity Paradox Passwords Password Strength Computer Sciences Computer Security Databases and Information Systems
49	Metody ukládání uživatelských hesel v operačních systémech / Password deposition techniques in operating systems Pavlík, Martin January 2009 (has links) This master thesis deals with ways to store passwords in current operating systems. Specifically, this work focuses on Windows, Linux, BSD and OS X. These systems are examined for ways of hashing passwords and on resistance of resulting hashes against various attacks. First (theoretical) section describes the procedures and algorithms that are needed for user authentication. This part also describes methods of hash storing. At the end of the theoretical part are generally described some possible attacks against hash functions. In second (practical) part is described and tested tools for obtaining hashes of the investigated operating systems. Subsequently practical attacks were conducted against obtained hashes by using appropriate tools. Furthermore there are presented results of the attacks. In the conclusion of the work there is a comparison of tools and methods which were used to obtain plaintext passwords from operating systems.
50	Advanced password-authenticated key exchanges / Les échanges de clefs complexes sécurisés par mot de passe Dupont, Pierre-Alain 29 August 2018 (has links) L’échange de clef authentifié est probablement la primitive asymétrique la plus utilisée, notamment du fait de son inclusion dans le protocole TLS. Pour autant, son cousin, l’échange de clef authentifié par mot de passe, où l’authentification s’effectue par comparaison de mot de passe, l’est bien moins, bien qu’ayant déjà fait l’objet d’études considérables. C’est pourtant une primitive finalement bien plus proche d’une authentification réelle, dès lors qu’une des parties est humaine. Dans cette thèse, nous considérons des primitives avancées fondées sur l’échange de clef authentifié par mot de passe, en gardant à l’œil ses applications pratiques. Spécifiquement, nous introduisons une nouvelle primitive, l’échange de clef authentifié par mot de passe approximatif, où la condition de succès de l’authentification est désormais d’avoir une distance suffisamment faible entre les deux mots de passe, et plus nécessairement l’égalité parfaite. Nous fournissons un modèle de sécurité dans le cadre du modèle de composabilité universelle (UC) ainsi qu’une construction reposant sur un partage de secret robuste et des échanges de clefs authentifiés par mot de passe exact. Dans une seconde partie, nous considérons le problème pratique de la perte du mot de passe dès lors qu’une session est conduite sur un terminal compromis. Étant donné qu’il s’agit d’un problème intrinsèque à l’authentification par mot de passe, nous étendons le modèle BPR habituel pour prendre en compte, en lieu et place du mot de passe, des questions-réponses, toujours de faible entropie. Nous fournissons plusieurs protocoles dans ce modèle, dont certains reposent sur des familles de fonctions compatibles avec les humains, dans lesquelles les opérations requises pour dériver la réponse depuis la question sont suffisamment simples pour être faites de tête, permettant donc à l’humain de s’identifier directement. / Authenticated key exchange is probably the most widely deployed asymmetric cryptographic primitive, notably because of its inclusion in the TLS protocol. Its cousin, password-authenticated key exchange — where the authentication is done using a low-entropy password — while having been studied extensively as well has been much less used in practice. It is, however, a primitive much closer to actual authentication when at least one party is human. In this thesis, we consider advanced primitives based on password-authenticated key exchange, with an eye toward practical applications. Specifically, we introduce fuzzy password-authenticated key exchange, where the authentication succeeds as long as the two passwords are close enough, and not necessarily equal. We provide a security model in the UC framework, as well as a construction based on regular password-authenticated key exchanges and robust secret-sharing schemes. Secondly, we consider the practical problem of password leakage when taking into account sessions conducted on a corrupted device. As there is intrinsically no hope with regular password authentication, we extend the BPR security model to consider low-entropy challenge responses instead. We then provide several instantiations, some based on human-compatible function families, where the operation required to answer the challenge are simple enough to be conducted in one’s head, allowing the actual authentication to be directly performed by the human being. Authentification Clef-publique Cryptographie Échange de clef Mot de passe Mot de passe approximatif Authentication Cryptography Fuzzy password Key exchange Password Public-key 005.8 004

Search results