A password is a critical part of network and information technology. Primarily, passwords serve as authentication methods for protecting people accounts. However, if a password is poorly chosen or compromised is likely to risk the entire network. A high percentage of users do not understand that having the right password and password management are essential to information systems. Using a password is the first step of ensuring security as acknowledged by these claims: “We are secure! We use passwords!” though having or using a password policy in this com-putting world is not enough, to keep the accounts secure, people ought to understand and practice the policies.
Table of Contents
Strategy of Password
Information and computer security is a crucial issue in this age of IT revolution, especially when the entire world has a connection to the internet. Relying on a confidential and secure connection is important, as users are becoming dependent on electronic media and computers to access the internet. As a result, security is the best option when it comes to keeping direct and indirect attackers. Security areas widely used today include firewalls, cryptography, access control, intrusion detection systems, identification, and authentication. The common and mostly used ubiquitous identification method by users to access systems is authentication. However, personal digital signature and biometric information have been developed to tighten security apart from the widely spread authentication. The security method involves a combination of password and username.
A password plays a significant role in the web life of a user for it is a universal means for gaining access to any protected user account. Examples of where a password is mostly used include bank accounts, Emails, social networking, and portals. The password could be a simple text, design pattern, or a biometric image. Text passwords are combinations of alphanumerical characters and have dominated human-computer authentication for the last six decades. The rate at which password are subjected to attacks increases daily since they are protectors of accounts having valuable assets. Phishing attacks involve cases where users are lured into submitting their information like password, username, or details of a credit card while masquerading as a trustworthy entity (Liu, Zhai, & Ji, 2017). Shoulder-surfing is where another person gains access to the account of another after looking over the shoulder of the victim while he or she is typing the password.
Passwords are more secure when they include non-dictionary words, when longer, or when a user devices his encrypted passwords. Often people tend to forget long passwords, therefore, following the password policy is the best solution here. The policy is vital since it directs the user on the length required for the password, the case letters the user should use to ensure the password is more secure, and periodical changing of password to so as not to be victims of brute force attack (Saiz-Alvarez & Leal, 2017). An attack on the password is possible by continuously trying different combinations of password that are common among many users and all dictionary words.
Below are the problem statements in this research:
The problem statements are addressed through the password habits collected from different users across different age groups. An important aspect of the collection is following Password policy by incorporating the policy meant to establish rules of password creation, safeguard, and terminate the user’s authentication.
A password is a key to security; it prevents unauthorized access into accounts and personal data of other people. Using a password is the cheapest way of securing an account, and this is why the name is common in people’s daily life. Having in mind human and technical system aspects is a must when a user is considering a password authentication (Liu et al., 2017). Password authentication is the easiest way of accessing systems, while modest techniques such as one time passwords are common to banks, corporate, and government virtual networks to secure user accounts, whereas regular passwords are used everywhere by users on their accounts (Ruan, Zhang, & Chen, 2017). Therefore, users should be sensitized on the importance of a regular password, and embrace the password policy to ensure they create strong passwords. A weak password is not a result of carelessness but is a result of a weak password policy. The weak policy does not initiate the creation of a strong password when a user creates a short or dictionary password.
Besides the use of the weak password, there is another mistake that users do; reusing password. According to Saiz-Alvarez and Leal (2017), password reuse could be a gateway of accessing another account of the same since the password used is the same. The challenge of reusing a password cannot be prevented but could be avoided if a user is advised accordingly. Password reuse is common among many users because it is easy to remember one password (Ruan et al., 2017). Additionally, there is an argument that a password should not be written down nor possible to remember. Many users are addicts of writing down passwords and leaving them either below keyboards or on the tableside, while others prefer keeping sticky notes on their purses.
The best ways of determining how users manage their passwords is through surveys. For instance, a survey done in 1979 on 3290 passwords revealed that 89% of users use weak passwords. The reason behind the weak passwords was because users lack knowledge of password policy. In 1989 another survey done on passwords in a university) involved 6226 students and university staff (Riggan et al., 2014). The findings here were not as bad as that in the first survey. The survey disclosed that 72% of users had dictionary words and short passwords (Riggan et al., 2014). The next survey was done in 2004 among 218 students from Southern Methodist University (Riggan et al., 2014). The findings of the research were not impressive, as 92.9 % of the participants used the same password in multiple accounts.
The recent survey was in 2006, conducted on 49 university students from Princeton University. Same to the students in the 2004 survey, the students here also reused passwords. Surprisingly, the students acknowledge that password reuse is a big problem in the future but still used the same password for multiple accounts (Ruan et al., 2017). Conducting survey is very helpful; it does not only disclose how the user manages their passwords but also creates more awareness of password security and its importance on the users (Yeboah-Boateng, 2018). A participant of a survey may not be aware of the policies but after doing the survey he or she is likely to be enlightened by the survey, which is a remarkable revelation as there are high chances that the participant will now abide by the password policy and management strategies.
The main goal of this research is to determine the password strategies used by people, especially if they follow the password policy.
Every user should be sensitized on password security. In the current world of computing, securing passwords is one of the most important things. A user should make sure his/her passwords are secure, especially bank credit card passwords (Liu et al., 2017). Many users who are not aware of the password policy use the same password on low sensitive accounts and high sensitive accounts. Misunderstanding the difference between low and high sensitive accounts is also the cause of password reuse. While creating a password, it is advisable that a user follows the password policy.
The methods users use to choose passwords vary from one user to the other. Many users choose passwords that they can remember easily and not that can be attacked easily (Ruan et al., 2017). Moreover, some of the users use the same pattern to create passwords for all their accounts. The same format for all passwords makes it easy to remember passwords, and thus, they do not need to write anything down even if they change passwords regularly (Saiz-Alvarez & Leal, 2017). Some users also reuse passwords a few months after they have changed new passwords, which make it easier for them to recall the passwords. From this, it is clear that users employ different methods when choosing a password.
Some specific policies of passwords prove to be problematic to users when they are creating accounts. The following are the common problems users face:
Some users do not abide by the policies, which make them create passwords out of their ideas without incorporating the requirements of the password policy. Doing this, the users risk their accounts by letting their accounts have password below the required password standards (Saiz-Alvarez & Leal, 2017). Other few users just create passwords without even reading the policies that govern the creation of the password (Yeboah-Boateng, 2018). Not reading the policies is because some websites give their policies in long paragraphs that will consume a lot of time if they are to read the policies. This could be even more challenging if the user has limited time (Liu et al., 2017). Due to this, every website should make sure that their policies are short and precise and if possible, they should highlight important policies. When they do this, it will be easier for a user to read and follow the policies to the latter.
A password is an important component when it comes to securing computer systems; however, they are not the only solutions. There are other options like fingerprints, facial scans, retina and iris scans, and hand geometry. Others might incorporate voice and signature pattern. Though the use of a password is not the only solution, it is one of the best solutions, and this is why password policies are essential. The policies secure the users account since their recommendations promise security: a strong password, no storing passwords, and enforcing automatic systems to lock after a certain interval of time when not in use. Users should be helped to understand the low sensitive and high sensitive accounts together with their importance and use one password for one account and not for two or more accounts. Creating strong passwords is not a welcomed idea among many because they are required to combine lower and upper case characters with numerals and symbols. The user could be forced to create a password that she might not remember easily, and the only option here is to write down the password to avoid forgetting the password. Following the policies also prevent users from creating weak passwords, and using personal information or dictionary words as passwords. Some users know how to create strong passwords; however, they use the same one password on multiple accounts mixing low and high sensitive accounts.
The increase in securing information and systems is bound to improve the emphasis put on passwords. A user can have up to ten accounts and have different passwords for every account; the user ought to device a way that could help her remember all the passwords. As a result of this, they opt for passwords they can easily recall, and often such passwords are less secure and doubtlessly below the policy standards. Majority of the users still store passwords in unencrypted form or written form. Networking sites and organizations ought to warn users against using weak passwords, sharing, or storing passwords. The sensitizations are meant to create awareness on password security. After that, users can make the best choices when selecting passwords.
Users have to choose strong passwords. A strong password is a creative password that incorporates other criteria such as the use of paraphrase instead of a password, change passwords at least after every six months, not sharing passwords with other people, and of course no reusing passwords. From the survey, it is evident that many people have one password for all the accounts they have. Authentication is also crucial. A user should be aware of policies like automatic password reset and locking of account when wrong a password is given thrice. The measures prevent brute force attacks from hackers who try accessing other people accounts using different password combinations.
Each person wants a cheaper method to remember his or her password. The research helps users to understand that creating a weak password or reusing password is a solution for forgetfulness, but they are risking their accounts. Future work aims to check if users adhere to authentication techniques. Paraphrase could also be used instead of character or word password, and this would be easier since a user will only need to memorize a poem, rhyme, a favorite song, or any other sentence using its last or first character to create a password. Another consideration is the use of a unique username. Keeping usernames secret will strengthen security since they will be secret like the passwords.
Liu, Y., Zhai, W., & Ji, S. (July 01, 2017). Research on Campus Network Security Problem and Protection Strategy. International Journal of Advanced Pervasive and Ubiquitous Computing (ijapuc), 9, 3, 15-31.
Riggan, B. S., Wang, C., Snyder, W. E., & SpringerLink (Online service). (2014). Fundamentals of Sketch-Based Passwords: A General Framework. (Springer eBooks.) Cham: Springer International Publishing.
Ruan, O., Zhang, M., & Chen, J. (January 01, 2017). Leakage-Resilient Password-Based Authenticated Key Exchange.
Saiz-Alvarez, J. M., & Leal, G. C. (January 01, 2017). Cybersecurity Best Practices and Cultural Change in Global Business.
Yeboah-Boateng, E. O. (January 01, 2018). Cyber-Security Concerns With Cloud Computing.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more