| 1. |
- Kävrestad, Joakim, 1989-, et al.
(author)
-
Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage
- 2019
-
In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). - : University of Plymouth Press. - 9780244190965 ; , s. 155-165
-
Conference paper (peer-reviewed)abstract
- Even with the advances in different methods for authentication, passwords remain the mostcommon approach for authentication as well as for encryption of user data. Password guessingattacks have grown to be a vital part of computer forensics as well as penetration testing. In thispaper, we seek to provide a statistical analysis of password composition by analyzing whatcharacter sets that are most commonly used in over 1 billion leaked passwords in over 20different databases. Further, we use a survey to analyze if users that actively encrypt data differfrom the norm. The results of this study suggest that American lowercase letters and numbersare the, by far, most commonly used character sets and that users who actively encrypt data usekeyboard patterns and special characters more frequently than the average user.
|
|
| 2. |
- Kävrestad, Joakim, 1989-, et al.
(author)
-
Users perception of using CBMT for information security training
- 2019
-
In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). - : University of Plymouth Press. - 9780244190965 ; , s. 122-131
-
Conference paper (peer-reviewed)abstract
- It is well established that user behavior is a crucial aspect of information security and archivingsecure behavior through awareness and security training is the go-to solution proposed bypractitioners as well as the research community. Thus, there is a dire need for efficient trainingmethods for use in the security domain. This paper introduces ContextBased MicroTraining(CBMT), a framework for information security training that dictated that information securitytraining should be delivered to end users in short-sequences when the users are in a situationwhere the training is needed. Further, the users' perception of CBMT in evaluated in an onlinesurvey where about 200 respondents are subjected to training material and asked about how theyperceived them. The results show that users like the training material designed according to theCBMT framework and would prefer to use CBMT over other traditional methods of informationsecurity training.
|
|
