A situation-aware user interface to assess users' ability to construct strong passwords: A conceptual architecture

Eliana Stavrou
{"title":"评估用户构建强密码能力的情境感知用户界面:概念架构","authors":"Eliana Stavrou","doi":"10.1109/CyberSA.2017.8073385","DOIUrl":null,"url":null,"abstract":"Text-based passwords are still one of the main techniques to authenticate the users. Although a variety of measures (e.g. awareness activities, password-strength checkers, password-composition policies, etc.) are taken to prevent users from selecting weak passwords, the problem remains. A main factor that leads to weak passwords is the lack of awareness on what constitutes a strong password. Organizations should assess the users' ability to construct a strong password through the assessment of their password's strength, and taking into consideration the users' practices that are typically applied when selecting a password. In this way, organizations can be aware of the situation, that is, if their users follow good or bad password construction practices. Depending on the practice utilized, the organization's security level can be affected. Bad password construction practices can lead to weak passwords which can increase the risk of unauthorized access. Therefore, organizations should target for good practices to be utilized by their users in an effort to decrease the possibility of unauthorized access. A typical way to assess a password's strength is by trying to crack it using password cracking tools. An assessor, e.g. system administrator, requires a fair amount of knowledge on how password cracking tools operate and need to be configured. Also, it is essential to be aware of the bad practices that users typically utilize. Such knowledge is not always present. Furthermore, these tools and their respective graphical user interface, have not been designed with the objective of assessing the users' awareness level against bad password construction practices. 
This paper proposes a conceptual architecture to assist in designing a situation-aware user interface to assess users' ability to construct a password that is not easily crackable. An initial mock prototype has been developed to realize the proposed architecture and identify the main features of the user interface.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A situation-aware user interface to assess users' ability to construct strong passwords: A conceptual architecture\",\"authors\":\"Eliana Stavrou\",\"doi\":\"10.1109/CyberSA.2017.8073385\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Text-based passwords are still one of the main techniques to authenticate the users. Although a variety of measures (e.g. awareness activities, password-strength checkers, password-composition policies, etc.) are taken to prevent users from selecting weak passwords, the problem remains. A main factor that leads to weak passwords is the lack of awareness on what constitutes a strong password. Organizations should assess the users' ability to construct a strong password through the assessment of their password's strength, and taking into consideration the users' practices that are typically applied when selecting a password. In this way, organizations can be aware of the situation, that is, if their users follow good or bad password construction practices. Depending on the practice utilized, the organization's security level can be affected. Bad password construction practices can lead to weak passwords which can increase the risk of unauthorized access. 
Therefore, organizations should target for good practices to be utilized by their users in an effort to decrease the possibility of unauthorized access. A typical way to assess a password's strength is by trying to crack it using password cracking tools. An assessor, e.g. system administrator, requires a fair amount of knowledge on how password cracking tools operate and need to be configured. Also, it is essential to be aware of the bad practices that users typically utilize. Such knowledge is not always present. Furthermore, these tools and their respective graphical user interface, have not been designed with the objective of assessing the users' awareness level against bad password construction practices. This paper proposes a conceptual architecture to assist in designing a situation-aware user interface to assess users' ability to construct a password that is not easily crackable. An initial mock prototype has been developed to realize the proposed architecture and identify the main features of the user interface.\",\"PeriodicalId\":365296,\"journal\":{\"name\":\"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2017.8073385\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International 
Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2017.8073385","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 6

Abstract

Text-based passwords are still one of the main techniques to authenticate the users. Although a variety of measures (e.g. awareness activities, password-strength checkers, password-composition policies, etc.) are taken to prevent users from selecting weak passwords, the problem remains. A main factor that leads to weak passwords is the lack of awareness on what constitutes a strong password. Organizations should assess the users' ability to construct a strong password through the assessment of their password's strength, and taking into consideration the users' practices that are typically applied when selecting a password. In this way, organizations can be aware of the situation, that is, if their users follow good or bad password construction practices. Depending on the practice utilized, the organization's security level can be affected. Bad password construction practices can lead to weak passwords which can increase the risk of unauthorized access. Therefore, organizations should target for good practices to be utilized by their users in an effort to decrease the possibility of unauthorized access. A typical way to assess a password's strength is by trying to crack it using password cracking tools. An assessor, e.g. system administrator, requires a fair amount of knowledge on how password cracking tools operate and need to be configured. Also, it is essential to be aware of the bad practices that users typically utilize. Such knowledge is not always present. Furthermore, these tools and their respective graphical user interface, have not been designed with the objective of assessing the users' awareness level against bad password construction practices. This paper proposes a conceptual architecture to assist in designing a situation-aware user interface to assess users' ability to construct a password that is not easily crackable. An initial mock prototype has been developed to realize the proposed architecture and identify the main features of the user interface.