Evaluating password behavior at a small university

Mohammed Awad; Zakaria Al-Qudah; Sahar Idwan; Abdul Halim Jallad

doi:10.3844/jcssp.2019.1.9

Evaluating password behavior at a small university

Mohammed Awad, Zakaria Al-Qudah, Sahar Idwan, Abdul Halim Jallad

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

No matter how sophisticated an organization's security system is, it remains vulnerable due to the human factor. In this study, we surveyed and analyzed the patterns practiced by users when generating passwords at a smallsized university. We found that users are not as aware of security requirements and practices as they think. Moreover, the vast majority of users' passwords are breakable within days or shorter. Interestingly, we found that the use of numbers and uppercase letters is prevalent among users. However, numbers are mostly used at the end of the passwords and uppercase letters are mostly used at the beginning of passwords. The existence of such trends makes it easier for attackers to generate more effective dictionaries. Based on the analysis in this study, we make recommendations to the IT department to improve the password policy. Additionally, we provide recommendations to the faculty, staff, and students on how to strengthen their passwords.

Original language	English
Article number	9
Journal	Journal of Computer Science
Volume	15
Issue number	1
DOIs	https://doi.org/10.3844/jcssp.2019.1.9
Publication status	Published - 2019
Externally published	Yes

Keywords

Awareness
Password
Security
Strength
Vulnerability

ASJC Scopus subject areas

Software
Computer Networks and Communications
Artificial Intelligence

Access to Document

10.3844/jcssp.2019.1.9

Cite this

@article{8e5ea6d0ee3f4c418fd98d2033dc04ef,

title = "Evaluating password behavior at a small university",

abstract = "No matter how sophisticated an organization's security system is, it remains vulnerable due to the human factor. In this study, we surveyed and analyzed the patterns practiced by users when generating passwords at a smallsized university. We found that users are not as aware of security requirements and practices as they think. Moreover, the vast majority of users' passwords are breakable within days or shorter. Interestingly, we found that the use of numbers and uppercase letters is prevalent among users. However, numbers are mostly used at the end of the passwords and uppercase letters are mostly used at the beginning of passwords. The existence of such trends makes it easier for attackers to generate more effective dictionaries. Based on the analysis in this study, we make recommendations to the IT department to improve the password policy. Additionally, we provide recommendations to the faculty, staff, and students on how to strengthen their passwords.",

keywords = "Awareness, Password, Security, Strength, Vulnerability",

author = "Mohammed Awad and Zakaria Al-Qudah and Sahar Idwan and Jallad, {Abdul Halim}",

note = "Publisher Copyright: {\textcopyright} 2019 Mohammed Awad, Zakaria Al-Qudah, Sahar Idwan and Abdul Halim Jallad.",

year = "2019",

doi = "10.3844/jcssp.2019.1.9",

language = "English",

volume = "15",

journal = "Journal of Computer Science",

issn = "1549-3636",

publisher = "Science Publications",

number = "1",

}

TY - JOUR

T1 - Evaluating password behavior at a small university

AU - Awad, Mohammed

AU - Al-Qudah, Zakaria

AU - Idwan, Sahar

AU - Jallad, Abdul Halim

PY - 2019

Y1 - 2019

N2 - No matter how sophisticated an organization's security system is, it remains vulnerable due to the human factor. In this study, we surveyed and analyzed the patterns practiced by users when generating passwords at a smallsized university. We found that users are not as aware of security requirements and practices as they think. Moreover, the vast majority of users' passwords are breakable within days or shorter. Interestingly, we found that the use of numbers and uppercase letters is prevalent among users. However, numbers are mostly used at the end of the passwords and uppercase letters are mostly used at the beginning of passwords. The existence of such trends makes it easier for attackers to generate more effective dictionaries. Based on the analysis in this study, we make recommendations to the IT department to improve the password policy. Additionally, we provide recommendations to the faculty, staff, and students on how to strengthen their passwords.

AB - No matter how sophisticated an organization's security system is, it remains vulnerable due to the human factor. In this study, we surveyed and analyzed the patterns practiced by users when generating passwords at a smallsized university. We found that users are not as aware of security requirements and practices as they think. Moreover, the vast majority of users' passwords are breakable within days or shorter. Interestingly, we found that the use of numbers and uppercase letters is prevalent among users. However, numbers are mostly used at the end of the passwords and uppercase letters are mostly used at the beginning of passwords. The existence of such trends makes it easier for attackers to generate more effective dictionaries. Based on the analysis in this study, we make recommendations to the IT department to improve the password policy. Additionally, we provide recommendations to the faculty, staff, and students on how to strengthen their passwords.

KW - Awareness

KW - Password

KW - Security

KW - Strength

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=85061503064&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061503064&partnerID=8YFLogxK

U2 - 10.3844/jcssp.2019.1.9

DO - 10.3844/jcssp.2019.1.9

M3 - Article

AN - SCOPUS:85061503064

SN - 1549-3636

VL - 15

JO - Journal of Computer Science

JF - Journal of Computer Science

IS - 1

M1 - 9

ER -

Evaluating password behavior at a small university

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this