Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Analyzing the usage of character groups and keyboard patterns in password creation
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Informationssystem, Information Systems (IS))ORCID iD: 0000-0003-2084-9119
University of Skövde, School of Informatics.
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Informationssystem, Information Systems (IS))ORCID iD: 0000-0001-5962-9995
2020 (English)In: Information and Computer Security, E-ISSN 2056-4961, Vol. 28, no 3, p. 347-358Article in journal (Refereed) Published
Abstract [en]

Purpose

Using passwords to keep account and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination as data has to be decrypted to be analyzed. This paper seeks to look into how users that actively encrypt data construct their passwords to benefit the forensics community.

Design/methodology/approach

The study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment were passwords created on a local website was analyzed during account creation. Further a survey was used to gather data that was used to identify differences in password behavior between user that actively encrypt their data and other users.

Findings

The result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users.

Originality/value

This paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing patterns-based passwords when performing password-guessing attacks against encrypted data.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2020. Vol. 28, no 3, p. 347-358
Keywords [en]
computer security, security, encryption, usage, password
National Category
Computer and Information Sciences
Research subject
INF303 Information Security; Information Systems
Identifiers
URN: urn:nbn:se:his:diva-18153DOI: 10.1108/ICS-11-2019-0132ISI: 000552317600002Scopus ID: 2-s2.0-85078293628OAI: oai:DiVA.org:his-18153DiVA, id: diva2:1387307
Available from: 2020-01-21 Created: 2020-01-21 Last updated: 2022-12-28Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Kävrestad, JoakimZaxmy, JohanNohlberg, Marcus

Search in DiVA

By author/editor
Kävrestad, JoakimZaxmy, JohanNohlberg, Marcus
By organisation
School of InformaticsInformatics Research Environment
In the same journal
Information and Computer Security
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 637 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf