51 |
Användning och uppfattning av lösenordshanterare : En kvantitativ enkätundersökning om vilka faktorer som påverkar användningen av lösenordshanterare / Usage and perception of password managers : A quantitative survey on which factors influence the use of password managers
Björk, Theodor January 2023
Passwords and usernames are used to identify and authenticate users in various systems, services and applications. To ensure that no unauthorized party gains access to a given system, service or application, correct authentication credentials are required. New users are usually tasked with creating their own passwords, which has proven to be inadequate. Previous research has established that users to a large extent reuse passwords or create passwords that are easy to guess. Using a password manager can make the creation of new passwords easier by generating them through the password manager. Password managers can also save and store passwords, which makes it easier to create passwords that are more complex. Previous studies indicate that web-based alternatives are not as secure as standalone alternatives. This study examines which factors influence the use of password managers. By conducting a survey with respondents who use different types of password managers, an estimate of the factors that influence usage can be measured. Also directing questions at people who do not use password managers can provide an understanding of password manager use from a broader perspective. The results of the study show that perceived usefulness, habit, cost and trust are factors that influence the use of password managers.
|
52 |
Resolving the Password Security Purgatory in the Contexts of Technology, Security and Human Factors
Adeka, Muhammad I., Shepherd, Simon J., Abd-Alhameed, Raed 22 January 2013
Passwords are the most popular and constitute the first line of defence in computer-based security systems, despite the existence of more attack-resistant authentication schemes. In order to enhance password security, it is imperative to strike a balance between having enough rules to maintain good security and not having too many rules that would compel users to take evasive actions which would, in turn, compromise security. It is noted that the human factor is the most critical element in the security system for at least three possible reasons: it is the weakest link, the only factor that exercises initiatives, as well as the factor that transcends all the other elements of the entire system. This illustrates the significance of social engineering in security designs, and the fact that security is indeed a function of both technology and human factors, bearing in mind the fact that there can be no technical hacking in a vacuum. This paper examines the current divergence among security engineers as regards the rules governing best practices in the use of passwords: should they be written down or memorized; changed frequently or remain permanent? It also attempts to elucidate the facts surrounding some of the myths associated with computer security. This paper posits that destitution of requisite balance between the factors of technology and factors of humanity is responsible for the purgatory posture of password security related problems. It is thus recommended that, in the handling of password security issues, human factors should be given priority over technological factors. The paper proposes the use of the (k, n)-Threshold Scheme, such as Shamir's secret-sharing scheme, to enhance the security of the password repository. This presupposes an inclination towards writing down the password: after all, Diamond, Platinum, Gold and Silver are not memorised; they are stored. / Petroleum Technology Development Fund
|
53 |
Evaluating the Memorability of Different Password Creation Strategies : A Systematic Literature Review
Lennartsson, Markus January 2019
Due to its simplicity and deployability, password authentication is today's most common way of authentication. In conjunction with increasing numbers of accounts per user, the number of passwords to be remembered is rising as well. This puts a noticeable strain on human memory which users attempt to mitigate by writing them down, reusing them or selecting overly simple ones. In order to prevent such behavior and the security issues it is accompanied by, finding ways to generate memorable passwords is imperative. The conducted systematic literature review aimed to identify to what extent different password creation strategies facilitate the generation of memorable passwords. Several search term combinations were used to probe four scientific databases for peer-reviewed articles that satisfy distinct selection criteria. Afterwards, backward snowballing was conducted and references of already accepted publications were checked against identical selection criteria. Eventually, 61 accepted articles underwent a qualitative data analysis by means of grounded theory. The analysis showed that different composition strategies entailed substantial differences in memorability. Those that infused passwords with deeper meaning to the user were found easy to remember whereas failing to infuse meaning impeded recall. Overall, user-generated passwords turned out to be more memorable than system-generated ones.
|
54 |
The Effects Of Coherence Of The Image Used In The Graphical Password Scheme In Terms Of Usability And Security
Arslan Aydin, Ulku 01 September 2012
There is a dilemma between security and usability, which are two fundamentally conflicting issues. From the usability perspective, authentication protocols should be easy to use and passwords generated from these protocols should be easy to remember. From the security perspective, passwords should be hard to guess and should not be written down or stored in plain text. Instead of using text-based passwords, graphical passwords have been proposed to increase both memorability and security. Biederman (1972) and Biederman, Glass, & Stacy (1973) reported that the objects in a coherent image were recognized and identified more efficiently and quickly than the objects in a jumbled image, where the jumbled image was created by dividing the coherent image into sections and changing the position of the sections without rotating them.
The study was designed to experimentally examine the differences in usability and security of the graphical password scheme by manipulating the coherence of the displayed image. Sixty-three volunteers participated in the main experiment. The participants were divided into groups according to the type of image they were presented with in the password creation task (either coherent-image or jumbled-image). Each participant created a graphical password and, three days after the first session (i.e., in the second session), tried to remember it in order to authenticate to the system. The results revealed that in the proposed graphical password scheme, using a coherent image has more advantages than a jumbled image in terms of usability and security.
|
55 |
An integrated intelligent approach to enhance the security control of IT systems : a proactive approach to security control using artificial fuzzy logic to strengthen the authentication process and reduce the risk of phishing
Salem, Omran S. A. January 2012
Hacking of information systems is continuously on the increase. Social engineering attacks are performed by manipulating the weakest link in the security chain: people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based on Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measure it based on dictionary attack, time to crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook is used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user, focusing on the visible part of the incoming emails, considering the email's source code and providing in-line security awareness feedback.
|
56 |
Viability of Human Intelligence Tasks as a method for password categorization
Palm, Christopher January 2018
This study investigates the viability of using Human Intelligence Tasks (HIT) in password categorization. To achieve this, the study constructs and performs a HIT experiment on the online crowdsourcing platform Amazon Mechanical Turk and gathers data in the form of answers from the workers. A mixed quantitative and qualitative analysis of the data is performed to investigate the workers' ability to derive the categories of passwords from different categories and difficulties. The study results indicate that HIT workers seem to be unable to reliably categorize more complex passwords correctly, compared to more common and simple passwords. With this result, the study concludes that the quality and reliability of HIT password categorization is lower than would be required to make HIT a valid method for password categorization. The study ends with a discussion of how and why this may be the case and briefly discusses how the HIT task might be changed in future development to increase its viability.
|
57 |
A Study of Online Security Practices
January 2017
Data from a total of 282 online web applications was collected, and accounts for 230 of those web applications were created in order to gather data about authentication practices, multistep authentication practices, security question practices, fallback authentication practices, and other security practices for online accounts. The account creation and data collection was done between June 2016 and April 2017. The password strengths for online accounts were analyzed and password strength data was compared to existing data. Security questions used by online accounts were evaluated for security and usability, and fallback authentication practices were assessed based on their adherence to best practices. Alternative authentication schemes were examined, and other security considerations such as use of HTTPS and CAPTCHAs were explored. Based on existing data, password policies require stronger passwords for web applications in 2017 compared to the requirements in 2010. Nevertheless, password policies for many accounts are still not adequate. About a quarter of online web applications examined use security questions, and many of the questions have usability and security concerns. Security mechanisms such as HTTPS and continuous authentication are in general not used in conjunction with security questions for most web applications, which reduces the overall security of the web application. A majority of web applications use email addresses as the login credential and the password recovery credential and do not follow best practices. About a quarter of accounts use multistep authentication and a quarter of accounts employ continuous authentication, yet most accounts fail to combine security measures for defense in depth. The overall conclusion is that some online web applications are using secure practices; however, a majority of online web applications fail to properly implement and utilize secure practices.
/ Dissertation/Thesis / Combination of Security Practices / Coded Account Data for 282 and 230 Web Applications / Password Recovery Statistics and Graphs / Password Policies Statistics and Graphs / Security Question Statistics and Graphs / Masters Thesis Computer Science 2017
|
58 |
Default Username and Password in Internet of Things
Quach, Kim January 2018
There are several vulnerabilities and consequences resulting from the use of the authentication method of default username and password. This study uses the Mirai attack targeting Dyn in 2016 as the main motivation. The key vulnerability in the attack on Dyn was the authentication method of default username and password. This study performs an analysis of the Internet of Things devices available to Swedish consumers, with the focus on identifying and mapping devices using the method of default username and password. Other methods of authentication are also identified and analyzed. The results show that most of the devices do not use the authentication method of default username and password, but this does not necessarily result in a simple answer on whether the product is secure or not. Factors such as how the authentication method is implemented and how the method works in the real world are important. The information on implementation and real-world use found in the manuals has not always been clearly detailed by the manufacturers, raising further questions on the security of IoT devices.
|
59 |
Protecting Telemetry Data from Compromise Learning from the Mistakes of the Breached!
Kalibjian, Jeff 11 1900
Information has value and as such any network-based computer (whether that network touches the Internet or not) has the potential to be hacked. Telemetry data is not immune to the threat. While there are a myriad of security sensor and analytics tools available for entities to deploy in order to protect their IT networks and assets on those networks, what is sometimes overlooked is the wealth of research data available regarding the etiology of breaches, which reveals fascinating, sometimes counterintuitive insights into the best ways to configure and integrate security applications to protect the organization.
After reviewing the latest research data regarding computer and IT network compromise, security strategies implied in the research data appropriate to the security challenges encountered in the telemetry post-processing environment will be thoroughly examined, providing tangible methodologies that may be employed to better protect organization telemetry post-processing and IT infrastructures.
|
60 |
Vylepšení architektury systému správy identit ve firmě / Corporate Identity and Access Management System Architecture Improvement Proposal
Nop, Dominik January 2019
The master thesis focuses on an assessment of the current implementation of an identity management system and a proposal of a new implementation to increase the level of stability and information security in the company, primarily regarding the systems that process financial data. In the first part, basic theoretical knowledge related to identity management systems is defined. In the second part, an analysis of the current system state is performed. Based on this analysis, new organizational and technical solutions are proposed to the company. Finally, an implementation project proposal, together with a risk analysis and an economic evaluation, completes the thesis.
|