Affiliations
Suren Krishnan
Universiti Utara Malaysia
Maslinda Mohd Nadzir
School of Computing, Universiti Utara Malaysia
How to Cite
A Preliminary Study of Human Vulnerabilities in User Password Asset Management
Vol 7 No 3 (2024): September
Submitted: Aug 18, 2024
Published: Sep 2, 2024
Abstract
User password management is a fundamental component of digital security, yet human weaknesses often compromise it, posing serious hazards. This study analyses human vulnerabilities in user password asset management. Reusing passwords and creating weak passwords are common factors examined. The study was conducted in three phases: planning, design and development, and data analysis. A questionnaire was distributed to 134 samples from an information technology organisation in Singapore. Statistical analysis of the survey identified key aspects contributing to these vulnerabilities, including human behaviour in password management practices. The examination of existing password practices indicates notable discrepancies that are impacted by user behaviour, underscoring the necessity of better policies and education to strengthen password security. The analysis highlights the influence user behaviour has on these methods' efficacy and shows how important human factors are to security. The assessment of substitute authentication techniques has demonstrated that these technologies can significantly reduce cybersecurity risks associated with human interaction. Emerging issues in cybersecurity will require a combination of improved password restrictions, user education, and sophisticated user-friendly authentication techniques.