Understanding passwords – a taxonomy of password creation strategies
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Informationsystem, Information Systems)
2019 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no 3, p. 453-467. Article in journal (Refereed), Published.
Abstract [en]

Purpose: Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords.

Design/methodology/approach: The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet.

Findings: The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model.

Originality/value: On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2019. Vol. 27, no 3, p. 453-467
Keywords [en]
Computer security, Strategies, Passwords, Classification, Categorization
National Category
Computer and Information Sciences
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-17203
DOI: 10.1108/ICS-06-2018-0077
ISI: 000479219900008
Scopus ID: 2-s2.0-85066986036
OAI: oai:DiVA.org:his-17203
DiVA, id: diva2:1327440
Available from: 2019-06-19 Created: 2019-06-19 Last updated: 2019-08-23 Bibliographically approved

Authors: Kävrestad, Joakim; Eriksson, Fredrik; Nohlberg, Marcus
