Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining - ICT Systems Security and Privacy Protection
Conference Papers Year : 2020

Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining

Joakim Kävrestad
  • Function : Author
  • PersonId : 1117585
Marcus Nohlberg
  • Function : Author
  • PersonId : 1117586

Abstract

In this paper, we describe and evaluate how the learning framework ContextBased MicroTraining (CBMT) can be used to assist users to create strong passwords. Rather than a technical enforcing measure, CBMT is a framework that provides information security training to users when they are in a situation where the training is directly relevant. The study is carried out in two steps. First, a survey is used to measure how well users understand password guidelines that are presented in different ways. The second part measures how using CBMT to present password guidelines affect the strength of the passwords created. This experiment was carried out by implementing CBMT at the account registration page of a local internet service provider and observing the results on user-created passwords. The results of the study show that users presented with passwords creation guidelines using a CBMT learning module do understand the password creation guidelines to a higher degree than other users. Further, the experiment shows that users presented with password guidelines in the form of a CBMT learning module do create passwords that are longer and more secure than other users. The assessment of password security was performed using the zxcvbn tool, developed by Dropbox, that measures password entropy.
Fichier principal
Vignette du fichier
497034_1_En_7_Chapter.pdf (522.26 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03440869 , version 1 (22-11-2021)

Licence

Identifiers

Cite

Joakim Kävrestad, Marcus Nohlberg. Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.95-108, ⟨10.1007/978-3-030-58201-2_7⟩. ⟨hal-03440869⟩
40 View
68 Download

Altmetric

Share

More