• Title/Summary/Keyword: Password Selection

Search Result 7, Processing Time 0.022 seconds

A Study on the Factors Affecting the Information Systems Security Effectiveness of Password (패스워드의 정보시스템 보안효과에 영향을 미치는 요인에 관한 연구)

  • Kim, Jong-Ki;Kang, Da-Yeon
    • Asia pacific journal of information systems
    • /
    • v.18 no.4
    • /
    • pp.1-26
    • /
    • 2008
  • Rapid progress of information technology and widespread use of the personal computers have brought various conveniences in our life. But this also provoked a series of problems such as hacking, malicious programs, illegal exposure of personal information etc. Information security threats are becoming more and more serious due to enhanced connectivity of information systems. Nevertheless, users are not much aware of the severity of the problems. Using appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. The purpose of this research is to empirically analyze a research model which includes a series of factors influencing the effectiveness of passwords. The research model incorporates the concept of risk based on information systems risk analysis framework as the core element affecting the selection of passwords by users. The perceived risk is a main factor that influences user's attitude on password security, security awareness, and intention of security behavior. To validate the research model this study relied on questionnaire survey targeted on evening class MBA students. The data was analyzed by AMOS 7.0 which is one of popular tools based on covariance-based structural equation modeling. According to the results of this study, while threat is not related to the risk, information assets and vulnerability are related to the user's awareness of risk. The relationships between the risk, users security awareness, password selection and security effectiveness are all significant. Password exposure may lead to intrusion by hackers, data exposure and destruction. The insignificant relationship between security threat and perceived risk can be explained by user's indetermination of risk exposed due to weak passwords. In other words, information systems users do not consider password exposure as a severe security threat as well as indirect loss caused by inappropriate password. Another plausible explanation is that severity of threat perceived by users may be influenced by individual difference of risk propensity. This study confirms that security vulnerability is positively related to security risk which in turn increases risk of information loss. As the security risk increases so does user's security awareness. Security policies also have positive impact on security awareness. Higher security awareness leads to selection of safer passwords. If users are aware of responsibility of security problems and how to respond to password exposure and to solve security problems of computers, users choose better passwords. All these antecedents influence the effectiveness of passwords. Several implications can be derived from this study. First, this study empirically investigated the effect of user's security awareness on security effectiveness from a point of view based on good password selection practice. Second, information security risk analysis framework is used as a core element of the research model in this study. Risk analysis framework has been used very widely in practice, but very few studies incorporated the framework in the research model and empirically investigated. Third, the research model proposed in this study also focuses on impact of security awareness of information systems users on effectiveness of password from cognitive aspect of information systems users.

A Novel Hybrid Algorithm Based on Word and Method Ranking for Password Security

  • Berker Tasoluk;Zuhal Tanrikulu
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.3
    • /
    • pp.161-168
    • /
    • 2023
  • It is a common practice to use a password in order to restrict access to information, or in a general sense, to assets. Right selection of the password is necessary for protecting the assets more effectively. Password finding/cracking try outs are performed for deciding which level of protection do used or prospective passwords offer, and password cracking algorithms are generated. These algorithms are becoming more intelligent and succeed in finding more number of passwords in less tries and in a shorter duration. In this study, the performances of possible password finding algorithms are measured, and a hybrid algorithm based on the performances of different password cracking algorithms is generated, and it is demonstrated that the performance of the hybrid algorithm is superior to the base algorithms.

A Case Study of Password Usage for Domestic Users (국내 사용자의 패스워드 사용 현황 분석)

  • Kim, Seung-Yeon;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.4
    • /
    • pp.961-972
    • /
    • 2016
  • For securing password-based authentication, a user must select and manage a strong password that has sufficient length and randomness. Unfortunately, however, it is known that many users are likely to choose easy-to-remember weak passwords and very poorly manage them. In this paper, we study a domestic user case of password selection and management. We conducted a survey on 327 domestic users and analyzed their tendency on password creation and update strategies, and also on the password structure and account management. We then analyzed an effect of a server's password creation rule on a structure of a user-chosen password. Our findings include that there are password structures and special characters that users significantly prefer while the effect of server's password creation rule is insignificant.

A Study on Relationships Between Information Systems Risk and Password Characteristics (정보 시스템 위험과 패스워드 특성간의 관계에 대한 연구)

  • 오창규;김종기;심윤주
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.8 no.1
    • /
    • pp.62-74
    • /
    • 2003
  • Information security becomes a critical attribute to corporate information systems as increased strategic an operational reliance on information systems. Current proliferation of password requires more attention on information security because its nature of external connection with password user makes information systems more vulnerable from various threats are an important element of information systems management. This study focused on two issues : (1) the relationships between risk management factors(asset, threat, vulnerability) and risk level affected by threat, (2) the relationships between risk level and key password characteristics(length, composition, lifetime, selection method).

  • PDF

Linear SVM-Based Android Malware Detection and Feature Selection for Performance Improvement (선형 SVM을 사용한 안드로이드 기반의 악성코드 탐지 및 성능 향상을 위한 Feature 선정)

  • Kim, Ki-Hyun;Choi, Mi-Jung
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.39C no.8
    • /
    • pp.738-745
    • /
    • 2014
  • Recently, mobile users continuously increase, and mobile applications also increase As mobile applications increase, the mobile users used to store sensitive and private information such as Bank information, location information, ID, password on their mobile devices. Therefore, recent malicious application targeted to mobile device instead of PC environment is increasing. In particular, since the Android is an open platform and includes security vulnerabilities, attackers prefer this environment. This paper analyzes the performance of malware detection system applying linear SVM machine learning classifier to detect Android malware application. This paper also performs feature selection in order to improve detection performance.

A Structure of Personalized e-Learning System Using On/Off-line Mixed Estimations Based on Multiple-Choice Items

  • Oh, Yong-Sun
    • International Journal of Contents
    • /
    • v.5 no.1
    • /
    • pp.51-55
    • /
    • 2009
  • In this paper, we present a structure of personalized e-Learning system to study for a test formalized by uniform multiple-choice using on/off line mixed estimations as is the case of Driver :s License Test in Korea. Using the system a candidate can study toward the license through the Internet (and/or mobile instruments) within the personalized concept based on IRT(item response theory). The system accurately estimates user's ability parameter and dynamically offers optimal evaluation problems and learning contents according to the estimated ability so that the user can take possession of the license in shorter time. In order to establish the personalized e-Learning concepts, we build up 3 databases and 2 agents in this system. Content DB maintains learning contents for studying toward the license as the shape of objects separated by concept-unit. Item-bank DB manages items with their parameters such as difficulties, discriminations, and guessing factors, which are firmly related to the learning contents in Content DB through the concept of object parameters. User profile DB maintains users' status information, item responses, and ability parameters. With these DB formations, Interface agent processes user ID, password, status information, and various queries generated by learners. In addition, it hooks up user's item response with Selection & Feedback agent. On the other hand, Selection & Feedback agent offers problems and content objects according to the corresponding user's ability parameter, and re-estimates the ability parameter to activate dynamic personalized learning situation and so forth.

Design of Biometrics System Using ECG Lead III Signals (심전도 신호의 리드 III 파형을 이용한 바이오인식)

  • Min, Chul-Hong;Kim, Tae-Seon
    • Journal of the Institute of Electronics Engineers of Korea SC
    • /
    • v.48 no.6
    • /
    • pp.43-50
    • /
    • 2011
  • Currently, conventional security methods including IC card or password type method are quickly switched into biometric security systems in various applications and the electrocardiogram (ECG) has been considered as one of novel biometrics way. However, conventional ECG based biometrics used lead II signal which conventionally used for formulaic signal to heart disease diagnosis and it is not suitable for biometrics since it is rather difficult to find consistent features for heart disease patents. To overcome this problem, we developed new biometrics system using ECG lead III signals. For wave extraction, signal peak points are extracted through AAV algorithm. For feature selection, extracted waves are categorized into one of four wave types and total twenty two features including number of vertices, wave shapes, amplitude information and interval information are extracted based on their wave types. Experimental results for thirty-six people showed 100% specificity, 95.59% sensitivity and 99.17% of overall identification accuracy.