http://dx.doi.org/10.13089/JKIISC.2016.26.4.961

A Case Study of Password Usage for Domestic Users  

Kim, Seung-Yeon (Graduate School of Information, Yonsei University)
Kwon, Taekyoung (Graduate School of Information, Yonsei University)
Abstract
To secure password-based authentication, a user must select and manage a strong password that has sufficient length and randomness. Unfortunately, many users are known to choose easy-to-remember weak passwords and to manage them poorly. In this paper, we study how domestic users select and manage passwords. We surveyed 327 domestic users and analyzed their tendencies in password creation and update strategies, as well as in password structure and account management. We then analyzed the effect of a server's password creation rule on the structure of user-chosen passwords. Our findings include that users significantly prefer certain password structures and special characters, while the effect of the server's password creation rule is insignificant.
Keywords
Password; authentication