31 |
Security and Usability : Recommendations for Password User Interfaces
Borg Goga, Cleopatra January 2023
The data generated by interconnected technologies has to be protected. Passwords are used to protect many different systems and are considered an essential part of cybersecurity. The system often permits the user to select their password, where the user becomes partly responsible for the security. Selecting a predictable, common, or easily guessed password is considered a human error that affects the security of the system. Security mechanisms are often enforced by websites to try to prevent users from creating weak passwords. However, predictable and weak passwords are still used. This study examines the security and usability of password user interfaces with a qualitative approach including a systematic literature review, where the data is analysed with thematic analysis and evaluation of websites with usability testing. The objective is to provide security and usability recommendations based on previous research and users' opinions. The result identifies successful criteria features, feedback features, and usability features that can be implemented in the user interface. In addition, the usability testing results discover usability issues present on commonly used websites. The study concludes that seven security and usability features are necessary in the password user interface when the aim is to encourage users to create secure passwords.
|
32 |
Webbapplikationssäkerhet / Webbapplication security
Eklund Kavtaradze, Gustav January 2021
Security in applications, to protect users and information, is becoming increasingly important as society is becoming more digitized. During the duration of this report two major information leaks, of sensitive Swedish classified information, occurred. The aim of this report is to find what security risks exist for web applications, general measures that can be implemented to address these risks and how the General Data Protection Regulation (GDPR) is related to security in applications. In order to achieve these general measures a security evaluation method was also used to be able to evaluate how the various measures protect web applications, and function as required. The results of this report provide a general list of actions that should be implemented in application backends, but to provide a similar list for the frontend more work is required, where the frontend action list in this report is minimal. The safety evaluation method also proved to be a part of the action lists in order to be able to test the security even on operational applications. The results of the GDPR survey showed that no specific requirements are set from GDPR, instead the law has the task of raising the priority by making the consequences that can arise from incorrect handling of users' personal data more serious / costly to the organization.
|
33 |
User Perception of their Password Habits in Terms of Security, Memorability, and Usability
Florestedt, Louise, Andersson, Malin January 2024
In an era where digital security concerns are paramount, understanding users' behaviors and attitudes towards password management is crucial. This research examines users' perception of their password habits in terms of security, memorability, and usability. The study encompasses a comprehensive survey and interviews conducted with individuals across various professional backgrounds and age groups. A total of 87 online users responded to the questionnaire and ten individuals were interviewed to gather more in-depth data. The study aimed to understand how users perceive the trade-offs between security, memorability, and usability in their password habits and what factors influence their choices in creating and managing passwords. The findings reveal nuanced insights into users' password practices. While users acknowledge the importance of security, they often prioritize memorability and usability over stringent security measures. Factors such as convenience, familiarity, and personal preferences significantly influence password creation and management. Despite being aware of security risks associated with weak passwords and password reuse, users commonly engage in these practices due to the challenges posed by complex password requirements and the sheer volume of passwords needed for various accounts. Overall, this research underscores the importance of understanding users' perspectives on password habits to develop more effective strategies for promoting password security. By bridging the gap between user behavior and security policies, organizations may be able to tailor interventions that align with user preferences, thereby fostering a more secure online environment.
|
34 |
Colour a Symbol : Autentisering för smartphones
Engvall, Markus, Teljing, Johanna January 2014
During the past years mobile technology has moved almost entirely to smartphones. Smartphones are in essence more computers than phones, which we always carry with us and that contain ever more sensitive information. This requires that the level of security around the device increases. This study strives to find a new method of authenticating users, that is more secure than those that are established today, but at the same time has a similar level of usability. Our idea, which we work with under the name Colour a Symbol, is based upon making combinations of symbols and colours in pairs. In order to develop the idea we created a functional prototype, that was evaluated by a smaller test group. The empirical data implies that Colour a Symbol has good usability, if only a little too long login time. Ideas to shorten the login time are suggested. Theoretically, Colour a Symbol is more secure than, for example, a PIN code, but the test group was not large enough to estimate the practical password space. Design of the symbol theme probably also affects the practical password space to a high degree. Our conclusion is that the idea has clear potential, but that further studies are needed to fine-tune it.
|
35 |
Securely Handling Inter-Application Connection Credentials
Lieberman, Gary 01 January 2012
The utilization of application-to-application (A2A) credentials within interpretive language scripts and application code has long been a security risk. The quandaries being how to protect and secure the credentials handled in the main body of code and avoid exploitation from rogue programmers, system administrators and other users with authorized high levels of privilege.
Researchers report that A2A credentials cannot be protected and that there is no way to reduce the risk of the inevitable successful attack and subsequent exploit. Therefore, research efforts to date have primarily been focused on mitigating the impact of the attack rather than finding ways to reduce the attack surface.
The work contained herein successfully addresses this serious cross-cutting concern and proves that it is in fact possible to significantly reduce the risk of attack. This reduction of risk was accomplished through implementing a method of credential obfuscation which applied advice with concerns utilizing a composition filter. The filter modified messages containing the credentials as they were sent from the interpretive language script to the remote data store.
The modification extracted credentials from a secure password vault and inserted them into the message being sent to the remote data store. This modification moved the handling of the credentials from the main body of code to a secure library and out of the reach of attackers with authorized high levels of privilege. The relocation of the credential handling code lines significantly reduced the attack surface and the overall risk of attack.
|
36 |
Modell för lösenordsklassning : Utveckling av lösenordsklassificering / Password classification model : Development of password classification
Eriksson, Fredrik January 2017
In modern society, computers are a fundamental part of our lives. For most people, the computer is a tool used in work as well as in home activities. Unfortunately, there is a darker side where people use the computer to commit crimes. The so-called IT-related crimes keep rising in numbers and according to the Swedish Brå's report from 2016 (Andersson, Hedqvist, Ring & Skarp, 2016) the number of crimes related to IT has increased by 949% in Sweden between 2006 and 2015 according to official criminal statistics. To arrest the criminals, evidence is needed. One way to collect the evidence is to enter the computer system to collect proof of the suspect. However, if the suspect feels he or she might be a possible target for an investigation, what might happen? It's possible the suspect tries to make it as difficult as possible to enter the computer system. This can be done by encrypting the system, using a so-called encryption algorithm to lock down the system. This encryption might be very difficult to decrypt and it might be easier to simply try to find the correct password instead. The purpose of the study is to develop a model for password classification. With this model, it may be possible to identify and to categorize strategies users use to create their passwords. This study could contribute to create a foundation to support the IT-forensics working at the police departments. With this model, different strategies users use when creating passwords could be of a certain type that the strategy could perhaps be ranged and categorized in its own category. If a classification can be made it might ease the workload for several IT-forensics and hurry up the progress decoding the password. The study is conducted by using a qualitative method. By conducting qualitative interviews, information is collected and analyzed. This information will then be used to develop a model for password classification. The work with developing a model for password classification has been an iterative process with collected feedback from the several interview participants. A draft model, based on the existing research, was made. The draft of the model was sent out to the interview participants and this draft was discussed and then updated in an iterative process. Feedback of the updated model was collected and applied to the model. The model was then validated by applying real passwords leaked to the Internet and then testing these passwords against the model of password classification.
|
37 |
A study of South African computer users' password usage habits and attitude towards password security
Friedman, Brandon January 2014
The challenge of having to create and remember a secure password for each user account has become a problem for many computer users and can lead to bad password management practices. Simpler and less secure passwords are often selected and are regularly reused across multiple user accounts. Computer users within corporations and institutions are subject to password policies, policies which require users to create passwords of a specified length and composition and change passwords regularly. These policies often prevent users from reusing previously selected passwords. Security vendors and professionals have sought to improve or even replace password authentication. Technologies such as multi-factor authentication and single sign-on have been developed to complement or even replace password authentication. The objective of the study was to investigate the password habits of South African computer and internet users. The aim was to assess their attitudes toward password security, to determine whether password policies affect the manner in which they manage their passwords and to investigate their exposure to alternate authentication technologies. The results from the online survey demonstrated that password practices of the participants across their professional and personal contexts were generally insecure. Participants often used shorter, simpler and ultimately less secure passwords. Participants would try to memorise all of their passwords or reuse the same password on most of their accounts. Many participants had not received any security awareness training, and additional security technologies (such as multi-factor authentication or password managers) were seldom used or provided to them. The password policies encountered by the participants in their organisations did little towards encouraging the users to apply more secure password practices.
Users lack the knowledge and understanding about password security as they had received little or no training pertaining to it.
|
38 |
Lösenordsovanor – åldersrelaterat? / Password obsolete – age related?
Andersson, Sandra January 2019
This study aimed primarily at investigating if the role of age was important regarding password management and password habits of different users. Despite extensive research in password management, the problem remains that users create insecure passwords, leaving personal information and systems vulnerable to attackers. In order to examine users’ different password habits in different age categories, a multi-strategy study was conducted, which consisted of two methods, with both a questionnaire and interviews. The areas discussed in the study were whether the age was important on the user's password habits and the knowledge different users had about attacker's different methods. The study also discusses how the user thought about the creation of passwords in comparison with recommendations from existing studies of how a secure password is created and how the user remembered their password. The results of the surveys show no correlation between the user's age and password habits. However, a possible solution to the problem is finally discussed, as both previous studies and this study proves users today lack knowledge of secure passwords and lack of password habits.
|
39 |
Var kommer myndigheters lösenordspolicys ifrån? : En kvalitativ studie om deras ursprung / Where does the authorities passwordpolicys come from? : A qualtivative study about their origins
Naess, Andreas January 2019
Society is getting more digitalized and more people are connecting to the Internet. This means that a lot of work that handles sensitive information is now done using computers. There are also a lot of services that require personal information for registration and bank account information to order wares or subscribe to the service. This information is of interest to criminals who can use it to make money. Because of this the use of passwords has increased and to make sure that strong passwords are created guidelines are adhered to. The password guidelines are created and spread by authorities and expert organizations. However, there are no sources for where the guidelines came from or an explanation for how they were made. To shine a light on this, the study aims to explain the guidelines' origins and what they were based on. This is a qualitative study where interviews were done with information security specialists from three governmental bodies and one expert organization. After the interviews were completed and data collected, they were analyzed using thematic analysis to identify the sources that were used during the creation of the guidelines. The study's results show that the motivation for the guidelines varies. This can be observed through the differences in target group and focus. It also appears like there are no studies which could be referred to. Although there is a consistent pattern that the sources for the guidelines often seem to be based on the experiences and expertise of their employees. Except for this, inspiration is also drawn from organizations such as NIST.
|
40 |
Password habits of Sweden
Gustafsson, Daniel January 2023
The password is the first line of defence in most modern web services; it is therefore critical to choose a strong password. Many previous studies have found patterns to improve in global users' password creation but none have researched the patterns of Swedish users in particular. In this project, passwords of Swedish users were gathered from underground forums and analyzed to find if Swedish users create passwords differently from global users and if there are any weak patterns in their passwords. We found that Swedish users often use words or names found in a Swedish NLP corpus in their passwords as well as using lowercase letters more frequently than global users. We also found that several of the most popular Swedish websites use weak password policies which might contribute to Swedish users choosing weak passwords.
|