Tell Me Where You Live and I Will Tell Your P@Ssw0rd: Understanding the Macrosocial Variables Influencing Password’s Strength

Bergeron, Andreanne

doi:10.60097/ACIG/162863

Artykuł - szczegóły

Tytuł artykułu

Tell Me Where You Live and I Will Tell Your P@Ssw0rd: Understanding the Macrosocial Variables Influencing Password’s Strength

Autorzy

Bergeron Andreanne

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.60097/ACIG/162863

Warianty tytułu

Języki publikacji

Abstrakty

Users’ habits in relation to cybersecurity are frequently examined from the micro perspective, using survey results to obtain impactful variables from individuals, focusing on usability and security factors of passwords. In this paper, the influence of macrosocial factors on password strength is studied in order to offer a global comprehension of the influence of the environment on users. Using the list of the 200 most common passwords by countries released by NordPass in 2021, logistic regression has been used to predict macrosocial variable influencing password strength. Results show that (1) Literacy level of a population; (2) Voice and accountability; (3) Level of global cybersecurity; and (4) Level of data breaches exposure significantly predict users’ password strength performance. The author discusses the impact of government on password hygiene of users hoping to influence the development of policies around cyber security configurations and investment set by nations and institutions.

Słowa kluczowe

password authentication users’ behaviours users protection

hasło uwierzytelnianie zachowanie użytkowników ochrona użytkowników

Wydawca

NASK – National Research Institute

Czasopismo

Applied Cybersecurity & Internet Governance

Rocznik

2023

Tom

Vol. 2, No. 1

Strony

1--19

Opis fizyczny

Bibliogr. 47 poz., tab.

Twórcy

autor

Bergeron Andreanne

andreanne.bergeron.5@umontreal.ca

GoSecure; University of Montreal, Canada

https://orcid.org/0000-0001-9013-6662

Bibliografia

1. E. E. Best, “The literate Roman soldier,” The Classical Journal, vol. 62, no 3, pp.122–127, 1966.
2. E. Stobert, R. Biddle, “The password life cycle: user behaviour in managing passwords,” 10th symposium on usable privacy and security (SOUPS 2014), 2014.[Online]. Available: https://www.usenix.org/confere.... [Accessed: July 28, 2023].
3. B. Ur, S.M. Segreti, L. Bauer, N. Christin, L.F. Cranor, S. Komanduri, D. Kurilova,M.L. Mazurek, W. Melicher, R. Shay, “Measuring {Real-World} Accuracies and Biases in Modeling Password Guessability,” 24th USENIX Security Symposium, 2015 [Online]. Available: https://www.usenix.org/confere.... [Accessed: July 28, 2023].
4. A. Das, J. Bonneau, M. Caesar, N. Borisov, X. Wang, “The tangled web of password Reuse,” Proceedings of the NDSS, 2014. [Online]. Available: https://www.cs.umd.edu/class/s.... [Accessed: July 28, 2023].
5. J. Yan, A.F. Blackwell, R.J. Anderson, A. Grant, “Password memorability and security: empirical results,” IEEE Security & Privacy, vol. 2, no. 5, pp. 25–31, 2004,doi: 10.1109/MSP.2004.81.
6. W. Han, Z. Li, M. Ni, G. Gu, W. Xu, “Shadow attacks based on password reuses: A quantitative empirical view,” IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 2, pp. 309–320, 2018, doi: 10.1109/TDSC.2016.2568187.
7. L. Bosnjak, B. Brumen, “What do students do with their assigned default passwords?,” 39th International convention on information and communication technology, electronics and microelectronics, pp. 1430–1435, 2016.
8. P. Van Schaik, D. Jeske, J. Onibokun, L. Coventry, J. Jansen, P. Kusev, “Riskperceptions of cyber-security and precautionary behaviour,” Computer and Human Behavior, vol. 75, pp. 547–559, 2017, doi: 10.1016/j.chb.2017.05.038.
9. M. Zviran, W.J. Haga, “Cognitive passwords: The key to easy access control,” Computers & Security, vol. 9, no. 8, pp. 723-736, 1990, doi: 10.1109/JCIT.1990.128279.
10. C. Yang, J. L. Hung, Z. Lin, “An analysis view on password patterns of Chinese internet users,” Nankai Business Review International, 2013, doi:10.1108/20408741311303887.
11. V. Nedvěd, “Careless society: Drivers of (un) secure passwords,” M.A. thesis, Charles University, Prague, 2021. [Online]. Available: https://dspace.cuni.cz/handle/.... [Accessed: July 28, 2023].
12. J. Corrales, F. Westhoff, “Information technology adoption and political regimes,” International Studies Quarterly, vol. 50, no. 4, pp. 911-933, 2006, doi: 10.1111/j.1468-2478.2006.00431.x.
13. M. Kummu, M. Taka, J.H. Guillaume, “Gridded global datasets for gross domestic product and Human Development Index over 1990–2015,” Scientific data, vol. 5,no.1, pp. 1-15, 2018, doi: 10.1038/sdata.2018.4.
14. L. Fioramonti, L. Coscieme, L.F. Mortensen, “From gross domestic product towel being: How alternative indicators can help connect the new economy with the Sustainable Development Goals,” The Anthropocene Review, vol. 6, no. 3, pp.207-222, 2019, doi: 10.1177/2053019619869947.
15. K. Farahbod, C. Shayo, J. Varzandeh, “Cybersecurity indices and cybercrime annual loss and economic impacts,” Journal of Business and Behavioral Sciences, vol. 32,no. 1, pp. 63-71, 2020.
16. E. Schmar-Dobler, “Reading on the Internet: The link between literacy and technology,” Journal of adolescent & adult literacy, vol. 47, no. 1, pp. 80-85, 2003.
17. D. Weirich, M.A. Sasse, “Pretty good persuasion: a first step towards effective password security in the real world,” Proceedings of the 2001 workshop on New security paradigms, 2001. [Online]. Available: https://dl.acm.org/doi/abs/10..... [Accessed : July 28, 2023].
18. C. Rinn, K. Summers, E. Rhodes, J. Virothaisakun, D. Chisnell, “Password creation strategies across high – and low-literacy web users,” Proceedings of the Association for Information Science and Technology, vol. 52, no. 1, pp.1-9, 2016, doi: 10.1002/pra2.2015.145052010052.
19. K.M. Hogan, G.T. Olson, M. Angelina. (2020). A comprehensive analysis of cyber data breaches and their resulting effects on shareholder wealth. [Online]. Available: https://papers.ssrn.com/sol3/p.... [Accessed :July 28, 2023].
20. A. M. Algarni, V. Thayananthan, Y. K. Malaiya, “Quantitative assessment of cyber security risks for mitigating data breaches in business systems,” Applied Sciences, vol. 11, no. 8, pp. 3678, 2021, doi: 10.3390/app11083678.
21. K. Campbell, L.A. Gordon, M.P. Loeb, L. Zhou, “The economic cost of publicly announced information security breaches: empirical evidence from the stock market,” Journal of Computer security, vol. 11, no. 3, pp. 431-448, 2003, doi:10.3233/JCS-2003-11308.
22. L. Ablon, P. Heaton, D.C. Lavery, S. Romanosky, Consumer attitudes toward data breach notifications and loss of personal information. Santa Monica: Rand Corporation, 2016.
23. C. Braz, A. Seffah, D. M’Raihi, “Designing a trade-off between usability and security: a metrics based-model,” IFIP Conference on human-computer interaction, Rio de Janeiro, 2007, pp.114-126. [Online]. Available: https://link.springer.com/chap.... [Accessed : July 28, 2023].
24. N. Gunson, D. Marshall, H. Morton, M. Jack, “User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking,” Computer Security, vol. 30, no. 4, pp. 208–220, 2011, doi: 10.1016/j.cose.2010.12.001.
25. D. Florencio, C. Herley, “A large-scale study of web password habits,” Proceedings of the 16th international conference on World Wide Web, 2007. [Online]. Available: https://dl.acm.org/doi/abs/10..... [Accessed: July 28, 2023].
26. A. K. Kyaw, F. Sioquim, and J. Joseph, “Dictionary attack on Wordpress: Security and forensic analysis,” Second International Conference on Information Security and Cyber Forensics (InfoSec), Cape Town, 2015, pp. 158–164. [Online]. Available: https://ieeexplore.ieee.org/do... [Accessed: July 28, 2023].
27. A. Narayanan, V. Shmatikov, “Fast dictionary attacks on passwords using time space tradeoff,” Proceedings of the 12th ACM conference on Computer and communications security, Alexandria, 2005, pp. 364–372. [Online]. Available: https://dl.acm.org/doi/abs/10..... [Accessed: July 28, 2023].
28. A. P. H. de Gusmão, M. M. Silva, T. Poleto, L. C., e Silva, A. P. C. S. Costa, “Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory,” International Journal of Information Management, vol. 43, pp. 248-260,2018, doi: 10.1016/j.ijinfomgt.2018.08.008.
29. H. Taherdoost, “A review of technology acceptance and adoption models and Theories,” Procedia manufacturing, vol. 22, pp. 960–967, 2018, doi: 10.1016/j.promfg.2018.03.137.
30. F. E. Harrell, K.L. Lee, D.B. Mark, “Multivariable prognostic models: issues in developing models, evaluating assumptions and adequacy, and measuring and reducing errors,” Statistic in Medecine, vol. 15, no. 4, pp. 361–387, 1996,doi:10.1002/(sici)1097-0258(19960229)15:4<361::aid-sim168>3.0.co;2-4.
31. P. Peduzzi, J. Concato, E. Kemper, T.R. Holford, A.R. Feinstein, “A simulation study of the number of events per variable in logistic regression analysis,” Journal of Clinical Epidemiology, vol. 49, no. 12, pp. 1373–1379, 1996, doi:10.1016/s0895-4356(96)00236-3.
32. L.E. Eberly, “Multiple linear regression,” in Topics in Biostatistics, W. T. Ambrosius, Totowa: Humana Press, 2007, pp. 165-187, doi: 10.1007/978-1-59745-530-5_9.
33. N. M. Jakopin, A. Klein, “Determinants of broadband internet access take up: Country level drivers,” Journal of Policy, Regulation and Strategy for Telecommunications, Information and Media, vol. 13, no. 5, pp. 29–47, 2011, doi:10.1108/14636691111160626.
34. N. Kock, L. Gaskins, “The mediating role of voice and accountability in the relationship between Internet diffusion and government corruption in Latin America and Sub-Saharan Africa,” Information Technology for Development, vol.20, no. 1, pp. 23-43, 2014, doi: 10.1080/02681102.2013.832129.
35. P.F. Musa, P. Meso, V.W. Mbarika, “Toward sustainable adoption of technologies for human development in sub-Saharan Africa: Precursors, diagnostics, and prescriptions,” Communications of the Association for Information Systems, vol. 15,no. 33, pp. 592–608, 2005, doi:10.17705/1CAIS.01533.
36. S. Creese, W.H. Dutton, P. Esteve-González, R. Shillair, “Cybersecurity capacity-building: cross-national benefits and international divides,” Journal of Cyber Policy, vol. 6, no. 2, pp. 214-235, 2021, doi: 10.1080/23738871.2021.1979617.
37. L. Kano, E. W. Tsang, H. W. C. Yeung, “Global value chains: A review of the multi-disciplinary literature,” Journal of international business studies, vol. 51, no.4, pp.577-622, 2020, doi: 10.1057/s41267-020-00304-2.
38. K. Vu, K. Hartley, A. Kankanhalli, “Predictors of cloud computing adoption: A cross-country study,” Telematics and Informatics, vol. 52, no. 101426, 2020, doi:10.1016/j.tele.2020.101426.
39. M. M. Alam, M. W. Murad, “The impacts of economic growth, trade openness and technological progress on renewable energy use in organization for economicco-operation and development countries,” Renewable Energy, vol. 145, pp. 382-390,2020, doi: 10.1016/j.renene.2019.06.054.
40. N. Ameen, R. Willis, M.H. Shah, “An examination of the gender gap in smartphone adoption and use in Arab countries: A cross-national study,” Computers in Human Behavior, vol. 89, pp. 148-162, 2018, doi: 10.1016/j.chb.2018.07.045.
41. V. Dutot, V. Bhatiasevi, N. Bellallahom, “Applying the technology acceptance model in a three-countries study of smartwatch adoption,” The Journal of High Technology Management Research, vol. 30, no.1, pp. 1-14, 2019, doi: 10.1016/j.hitech.2019.02.001.
42. H. Edquist, P. Goodridge, J. Haskel, “The Internet of Things and economic growth in a panel of countries,” Economics of Innovation and New Technology, vol. 30, no.3, pp. 262-283, 2021, doi: 10.1080/10438599.2019.1695941.
43. N. Terzi, “The impact of e-commerce on international trade and employment, ”Encyclopedia of e-commerce development, implementation, and management, (IGI Global), pp. 2271-2287, 2016.
44. D. J. Leu, “Our children’s future: Changing the focus of literacy and literacy instruction,” The Reading Teacher, vol. 53, no. 5, pp. 424, 2000.
45. N. A. G. Arachchilage, S. Love, “Security awareness of computer users: A phishing threat avoidance perspective,” Computers in Human Behavior, vol. 38, pp.304-312,2014, doi: 10.1016/j.chb.2014.05.046.
46. S. Karunakaran, K. Thomas, E. Bursztein, O. Comanescu, “Data breaches: User comprehension, expectations, and concerns with handling exposed data, ”Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), Baltimore,2018, pp. 217-234, 2018.
47. Government of Canada. “Breach of Security Safeguards Regulations,” 2018.[Online]. Available: https://gazette.gc.ca/rp-pr/p2.... [Accessed: July 28, 2023].

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2024).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-1ab7f7d6-49d2-4c21-9a27-04a9bcad878f