Global ETD Search

1	CredProxy: A Password Manager for Online Authentication Environments Golrang, Mohammad Saleh 20 December 2012 (has links) Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing. Dictionary Attacks Password Managers Password Security Website User Authentication Virtual Keyboards MITB Attacks
2	CredProxy: A Password Manager for Online Authentication Environments Golrang, Mohammad Saleh 20 December 2012 (has links) Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing. Dictionary Attacks Password Managers Password Security Website User Authentication Virtual Keyboards MITB Attacks
3	CredProxy: A Password Manager for Online Authentication Environments Golrang, Mohammad Saleh January 2013 (has links) Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing. Dictionary Attacks Password Managers Password Security Website User Authentication Virtual Keyboards MITB Attacks
4	Managing Two-Factor Authentication Setup Through Password Managers Dutson, Jonathan William 09 April 2020 (has links) Two-factor authentication (2FA) provides online accounts with protection against remote account compromise. Despite the security benefits, adoption of 2FA has remained low, in part due to poor usability. We explore the possibility of improving the usability of the 2FA setup process by providing setup automation through password managers. We create a proof-of-concept KeePass (a popular password manager) extension that adds browser-based automation to the 2FA setup process and conduct a 30-participant within-subjects user study to measure user perceptions about the system. Our system is found to be significantly more usable than the current manual method of 2FA setup for multiple online accounts, with our system receiving an average SUS score of ‘A’ while the manual setup method received an average score of ‘D’. We conduct a meta-analysis of some of the most common methods of 2FA used by websites today and propose a web API that could increase the speed, ease, and scalability of 2FA setup automation. Our threat analysis suggests that using password managers for 2FA automation can be implemented without introducing significant security risks to the process. The promising results from our user study and analysis indicate that password managers have strong potential for improving the usability of 2FA setup. security usable security two-factor authentication 2FA password managers automation usability Physical Sciences and Mathematics
5	Password Management : A Study about Current Challenges with Password Management Jalali, Ali, Assadi, Laila, Osman, Asma January 2023 (has links) Effective password management is crucial for safeguarding online accounts and sensitive information. This research examines the current challenges and provides alternative solutions for better password management. This study encompasses a comprehensive survey and interviews conducted with individuals across various professional backgrounds. A total of 137 online users participated in the survey, which spanned over a duration of 15 days. Additionally, four individuals were interviewed to gather more indepth data. The study aimed to understand password selection behaviors and the factors influencing them. The goal is to develop practical strategies to enhance password security and mitigate unauthorized access to sensitive information. The purpose of the study is to provide valuable insights into the complexities of password management and contribute to the development of informed approaches for stronger password security. The study emphasizes the significance of password management and highlights the importance of educating users about the risks associated with weak passwords. The findings have implications not only for the research community but also for individuals and organizations seeking to understand user behavior and attitudes towards password systems. By gaining a deeper understanding of these aspects, it becomes possible to design more effective strategies to protect online accounts and sensitive data. Password managers password management password security user behavior authentication methods Computer Sciences Datavetenskap (datalogi)
6	Password Managers in Digital Forensics Hähni, Sascha David January 2023 (has links) Digital forensics – the scientific process to draw evidence from digital devices confiscated in a criminal investigation – is constantly adapting to technological changes. A current challenge is the widespread use of encryption that makes classical data retrieval methods obsolete. Relevant data must now be retrieved from running devices and without delay, ideally directly at the time of seizure. This requires standardised processes and specialised tools to ensure no data is overlooked, that forensic integrity is maintained, and that encrypted data can be successfully made available to investigators. While research produced many promising results in this field in the last years, there is still much work to be done due to countless different applications, operating systems, and devices that all behave in different ways. This thesis addresses a software category called password managers – applications that store login credentials to different services. Despite the obvious value of password manager data to a criminal investigation, a comprehensive description of a forensic process on how to extract such data has not yet been in the focus of research. The present work addresses this gap and presents a process to extract forensically relevant data from two password manager applications – Bitwarden and KeePass – by extending an existing forensic framework called Vision. Using design science, a forensic extraction process was developed by thoroughly analysing the inner workings of the mentioned password managers. The artefact was named Password Manager Forensics (PMF) and consists of a four-step extraction process with different Python modules to automate the extraction of relevant data. PMF was tested against three scenarios in a laboratory setting to evaluate its applicability in an investigative context. The results show that the artefact is able to extract forensically relevant information related to password managers that would otherwise not be readily available to investigators. PMF is capable to identify and extract relevant files, to extract master passwords from a memory dump, to parse configuration files for relevant data, to brute-force master passwords and PIN codes, to decrypt, extract, and validate password manager vault data, and to create summary reports. PMF is the first comprehensive forensic process to extract relevant data from password managers. This brings new opportunities for digital forensics examiners and a potential to improve the handling of devices that contain password manager data in digital investigations. The current version of PMF only supports Windows desktop applications of Bitwarden and KeePass. Yet, due to the open and flexible architecture of the artefact, further expansion and improvement is possible in future research. Digital Forensics Password Managers Memory Forensics Live Forensics Computer Sciences Datavetenskap (datalogi)
7	Lösenordshanterare : Balansen mellan användbarhet och säkerhet / Password Managers : The balance between usability and security Andersson, Jessica Carina, Sanchez Lopez, Cristina, Carlson, Mona Vanessa Gun January 2022 (has links) Lösenord är idag den mest tillämpade metod som används vid verifiering av användare. Metoden är både enkel och kostnadseffektiv vilket verkar vara två faktorer som gjort denna verifieringsmetod populär. Men precis som många andra tillvägagångssätt har även denna sina brister. Ett stort problem med lösenordsverifiering är när människor på egen hand hanterar sina lösenord. Människor tenderar att skapa svaga lösenord och på grund av minnesbegränsningar är det många personer som återanvänder lösenord på flera konton. Minnet begränsar oss människor att komma ihåg flera olika lösenord. Detsamma gäller lösenord som är starka, det vill säga långa och slumpartade teckenkombinationer. Ett tillvägagångssätt för att hantera detta är användandet av lösenordshanterare. En tjänst som bland annat kan vara appbaserad eller webbläsarbaserad. Men trots mängden och variationen av lösenordshanterare har nyttjandet för denna lösning varit låg. För att ta reda på vad detta kan bero på har denna studie gjort en undersökning för att identifiera faktorer som påverkar användningen av lösenordshanterare både positivt respektive negativt. Undersökningen gjordes på 110 respondenter som via en enkät fick ange svar hur deras användning av lösenordshanterare ser ut och varför den ser ut som den gör. / Passwords are the most used method when it comes to verifying users. This method is both easy and cost effective which seems to be two factors that have made it so popular. But, just like many other verification methods, it has its flaws. A big problem is when people are left to their own when creating and sustaining passwords. People tend to create weak passwords as well as reuse them for different accounts. This, in order to save time and memory. Memory constraints prevent people from remembering several unique passwords as well as strong passwords, i.e randomized and long combinations of characters. One way to handle this problem is by using Password Managers. A password manager is a tool that helps the user manage passwords. This tool comes in variations and can be used as an independent app or as a plug-in for browsers. But despite this, the adoption rate continues to be low. To help figure out why, this study has conducted a literature search as well as a survey involving 110 people. Through this survey, answers could be categorized into factors that could influence the reasoning behind the usage and non-usage of password managers. Password Managers Password management Lösenordshanterare lösenordshantering Computer and Information Sciences Data- och informationsvetenskap
8	Användning och uppfattning av lösenordshanterare : En kvantitativ enkätundersökning om vilka faktorer som påverkar användningen av lösenordshanterare / Usage and perception of password managers : A quantitative survey on which factors influence the use of password managers Björk, Theodor January 2023 (has links) Lösenord och användarnamn används för att identifiera och autentisera användare i olika system, tjänster och applikationer. För att försäkra att ingen obehörig får åtkomst till diverse system, tjänst eller applikation krävs korrekta autentiseringsuppgifter. Nya användare har oftast i uppgift att skapa egna lösenord, vilket har visat sig vara bristfälligt. Genom tidigare forskning har det fastställts att användare i stort omfång återanvänder eller skapar lösenord som är lätta att gissa. Genom att använda en lösenordshanterare kan skapandet av nya lösenord underlättas genom att generera nya via lösenordshanteraren. Lösenordshanterare kan även spara och lagra lösenord som gör det enklare att skapa lösenord som är mer komplexa. Tidigare studier visar på att webbaserade alternativ inte är lika säkra som fristående alternativ. Denna studie undersöker vilka faktorer som påverkar användningen av lösenordshanterare. Genom att genomföra en enkätundersökning med respondenterna som använder olika typer av lösenordshanterare kan en uppskattning av faktorer som påverkar användandet mätas. Att även rikta frågor mot personer som inte använder lösenordshanterare kan ge förståelse för användning av lösenordshanterare ur ett bredare perspektiv. Resultatet från studien visar på att upplevd nytta, vana, kostnad och tillit är faktorer som påverkar användningen av lösenordshanterare. Password managers perception attitude password security survey Lösenordshanterare uppfattning attityder lösenordssäkerhet enkätundersökning Information Systems, Social aspects
9	Webbläsares inbyggda lösenordshanterare : Faktorer som påverkar privatpersoners användning/ickeanvändning av webbläsares inbyggda lösenordshanterare / Web-browsers built-in password managers : Factors affecting the use/non-use of browsers' built-in password managers by individuals Klaar, Jonathan, Masak, Allen January 2021 (has links) Kunskap om lösenord och deras säkerhet är idag något som förbises av den gemene datoranvändaren. Lösenordshanterare kan både hjälpa och skydda vid hanteringen av lösenord. De flesta webbläsare idag har inbyggda funktioner för lösenordshantering. Utifrån existerande litteratur kunde det identifieras att det behövs data kring vilka faktorer som påverkar webbläsares användare att använda respektive inte använda dessa inbyggda lösenordshanterare. Syftet med rapporten är att presentera en analys av faktorer som påverkar varför privatpersoner väljer att använda respektive inte använda webbläsares inbyggda lösenordshanterare. Resultatet presenteras med hjälp av kvalitativa semi-strukturerade intervjuer där 33 respondenter deltagit och besvarat frågor kring deras hantering av lösenord och användning av webbläsares inbyggda lösenordshanterare. Resultat från intervjuer visade att faktorer som var av betydande roll för ickeanvändande respondenter var starkt kopplade till datorvana och hur ofta respondenter använde datorn. De faktorer som spelade störst roll för användare av verktyget var enkelhet och tidseffektivitet. Icke-användare tenderade att ha en behovsbrist gällande verktyget, mestadels på grund av deras avsaknad av datoranvändning. Faktorer som påverkar användare och icke-användare visade sig stämma överens med tidigare forskning. Dessutom sammanfattades att antalet respondenter som var användare av lösenordshanterare var betydligt högre än vad som tidigare hävdats i litteratur. Majoriteten av respondenterna (79%) var användare av lösenordshanterare, vilket motsäger tidigare studier som utförts där endast 23% använder sig av lösenordshanterare. / Knowledge of passwords and their security is today something that is overlooked by the everyday computer user. Password managers can both help and protect when managing passwords. Most web browsers today have built-in password management features. Based on existing literature, it could be identified that there is a need for knowledge concerning which factors influence web browser users to use or not use their built-in password managers. The purpose of the report is to present an analysis of factors that affect why private individuals choose to use or not use browsers built-in password managers. The results are presented with the help of qualitative semi-structured interviews in which 33 respondents participated and answered questions about their handling of passwords and the use of web browsers built-in password managers. Results from the interviews showed that factors that were significant for non-user respondents were strongly linked to computer skills and how often respondents used the computer. The factors that played the biggest role for users of the tool were simplicity and time efficiency. Non-users tended to have a lack of need for the tool, mostly because of their lack of computer usage. Factors affecting users and non-users were found to be consistent with previous research. In addition, it was concluded that the number of respondents who were users of password managers was significantly higher than previously claimed in the literature. The majority of respondents (79%) were users of password managers, which contradicts previous studies conducted where only 23% use password managers. Password management technical security informational security web browsers builtin password managers password security master password memorization Lösenordshantering teknisk säkerhet informationssäkerhet lösenordssäkerhet huvudlösenord memorering Information Systems

Search results