A Study on Domestic Password Reuse Reasoning by Analysing Four-digit Passcodes in the Second Survey

  • 문숙경 (Department of Marketing Big Data, Mokwon University)
  • Received: 2020.11.10
  • Reviewed: 2020.12.11
  • Published: 2020.12.31

Abstract

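To supplement and improve the precision of the first survey study on the reuse of four-digit numeric passcodes collected for disclosing grades, a second survey was conducted that collected 2392 passcodes over six years, from 2012 to 2017, nearly twice as many as the first survey. The analysis yielded results that could not be obtained in the first survey: that the reuse rate may rise as the number of passcodes in use increases, that at most four numbers are used when reusing, and that individual tendencies may differ even for the same place of use. These second-survey results were also largely similar to foreign research findings on the reuse of general passwords that mix numbers, letters and special characters. This second case study provides an opportunity to infer, at least indirectly, the state of reuse of domestic passwords, for which data collection is impossible. It also suggests that the foreign finding that password security management rules such as periodic change can actually raise the reuse rate may apply to the domestic situation as well.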

This second survey, which collected 2392 passcodes used for disclosing grades from 2012 to 2017, nearly twice as many as the first survey, was conducted to supplement the results of the first survey on the reuse of 4-digit passcodes (PCs). From the second survey, we found that the more PCs were used, the higher the reuse rate; that up to 4 PCs were used when reusing; and that there may be personal differences even on a single site. These results, which were not available in the first survey, were close to those of foreign research on the reuse of passwords that mix numbers, letters and special characters. The second survey provides an opportunity to indirectly infer the domestic situation of password reuse, where data collection is impossible, and suggests that domestic regulations such as periodic password change may increase password reuse.
