Effective Use of Strong Passwords for Online Security - Literature review Example

Student’s Name Instructor’s Name: Course: Date of Submission Table of Contents Effective use of Strong Passwords for Online Security 3 Executive summary 3 1 Increased usage of weak passwords 4 2 Problems arising from weak passwords 6 3 Conclusion and recommendations 8 References 9 Effective use of Strong Passwords for Online Security Executive summary Computer security is a key challenge in growth of the information technology industry and enhancement of e-commerce and online enabled payment options. A major threat that is specifically affecting the success that has been achieved by the growth of computing and internet in the world today is password theft (O'Beirne, 2002). Hackers and malicious individuals crawl the web everyday with powerful software and malwares to gather as much passwords from unsuspecting internet users. Password theft is mainly targeted at obtaining credit card details, banking details, access to sensitive and personal information and theft of software or other copyrighted materials through the online platform (Puuronen & Seleznyov, 2003). While passwords have been identified as easy cost friendly way of authenticating genuine owners of accounts or information in the online platform, they are also becoming highly susceptible to theft by hacking. This has led to researchers coming up with different ways of solving the password theft menace (Curran, Doherty, & Turkington, 2011). A major agreement through within the cyber security circles is that internet users are not using as strong passwords as recommended despite them knowing the risks they are exposing themselves into (Zhang & McDowell, 2009). Why would the situation be so? One would ask. Several factors contribute to this scenario as discussed in this paper with the main ones happening to be user-related whereby users develop weak passwords knowingly for their remembrance convenience but not account security purposes. Phuong, Proctor, Spantzel, Tai, & Schultz (2007) argue that it is important that both parties; online account owners and users holding the accounts participate actively in reducing cyber crimes through proper development of secure passwords and increase in awareness on the importance of having strong passwords. 1 Increased usage of weak passwords According to Nelson & Phuong (2010) many people prefer using simple easy to remember passwords to their online accounts despite the recommendations by online companies that the account holders provide strong passwords. The simple passwords are easy to remember and produce unlike complex passwords containing letter, numbers and symbols which can easily be forgotten. To add to the debate Curran, Doherty, & Turkington (2011) observed that passwords have been viewed as a nuisance to many rather than a security feature designed to secure the information contained in the user’s account. This kind of mentality makes it difficult for online companies to enhance the security of information within their systems from hackers. Zhang & McDowell (2009) note that although several companies like Google and Microsoft provide guidelines into how strong passwords can be made by their users and actually rate the strength of the passwords, they do not stop users into developing passwords based on personal information such as birthdays and surnames mainly composed of letters and numbers instead of the combination of numbers, letters and special characters. It is a common practice by users to have a common password for multiple accounts for ease of remembrance (Skoularidou & Spinellis, 2003). This is a risky behavior as far as the security of information contained in the accounts is concerned. Hackers can use crawlers on the web to fetch such passwords and access all the accounts the user accessed with the password much to the disadvantage of the user. The importance of strong passwords usually comes into the attention of an internet user once an account has been hacked into and crucial information occurs leading to massive losses that would have been avoided. Online companies have also not been so keen to enhance security of passwords further increasing the vulnerability of users’ accounts. In systems detached from online systems login attempts are restricted to a few attempts say three, after which the system denies access to the system by the user. It’s a different situation for online accounts though where users can try to access an account for innumerable times without the system denying possibility of any further attempts to access the account (Furnel & Leith, 2006; Curran, Doherty, & Turkington, 2011). Figure 1.1 (Gazier & Medlin, 2006) shows results from a 2006 study on password composition From these results it can be seen that majority of internet users still prefer simple alphabetic passwords disregarding suggestions that a combination of letters, numbers, and special characters make the best passwords that can guarantee security of their accounts. 2 Problems arising from weak passwords While it is debatable on the side of internet users on the number of passwords one should have leave alone their strength, it is an accepted fact that cyber crime mostly related to password theft has cost e-commerce and related activities a lot of money running into millions of dollars in fact it was estimated to be averaging 290 million dollars annually (Nelson & Phuong, 2010). This is huge amounts of money attained illegally but to some extent being aided by the very persons who are tasked with the responsibility f ensuring safe use of their accounts. As the internet continues to penetrate even more regions of the world at a faster rate than has been witnessed before, salient issues as regards the security of the very system have come to fore, password theft being a major point of focus. The issue does not only include money but theft of private information such as court case information or classified documents. These has only led to increased fear and slowed usage of internet and computing technology in areas where the technology could enhance more productivity and efficiency if adopted (Frocht & Tsai, 2003). Self generation of passwords has been viewed as very effective way to increase the chances that a user can be able to remember the password as opposed to a situation where the password is generated for them. Users don’t attach any meaning to the passwords generated for them and as such don’t remember them. Self generation though comes at a cost to the industry as users tend to develop weak passwords that do not offer effective security to their information (Furnel & Leith, 2006). It is a challenge to online companies who are torn between effecting use of highly secure passwords that are hard to remember in some cases or allowing simple passwords so that users can enjoy services offered and don’t feel frustrated. Difficulties in accessing account can be a major disadvantage when it comes to competing for the companies. It is commonly connected to password errors which are attributable to users forgetting complex passwords (Puuronen & Seleznyov, 2003; Zhang & McDowell, 2009). Being the only available means to authenticate accounts ownership, it is imperative that highly secure and easy to remember passwords should be used in accessing online accounts. This has led to development of several methods to come up with strong passwords. Some of these include: proactive password checking where users develop password but the systems determines their strength and allow usage of the password only if its strong enough (Phuong, Proctor, Spantzel, Tai, & Schultz, 2007); graphical or image-based password are also being advanced as the appropriate solution to the problem as they cant be easily accessed by hackers and are easy to remember since humans remember pictures better than letters and symbols (Nelson & Phuong, 2010); Use of hashing technique in password storage is also better methods of ensuring passwords are not easily accessible by hackers using Trojan software and other phishing techniques (Bishop & Klein, 1995). Table 2.1 (Nelson & Phuong, 2010) shows mean number of forgotten passwords as a function of generation technique Generation technique Sample size Mean (passwords) Image-based Mnemonic 26 0.12 Text-based mnemonic 26 1.08 As can be seen from the table above, the possibility of a user forgetting a text-base password is higher than that of forgetting and image-based password. This further supports the argument by Nelson & Phuong (2010) that humans remember image-based passwords better than text-based passwords. 3 Conclusion and recommendations As internet penetrates to simplify life for internet users and businesses all over the world, major security issue in the form of accounts authentication is coming into sharp focus as regards the growth and sustainability of the internet and computing as a platform to increased productivity and efficiency all over the world. Passwords have long been relied on as the preferred option in authenticating online accounts users since it’s less costly and simpler to use than other methods. The vulnerability of the option though which in many cases has been aided by the very users is a critical problem to be resolved to make internet transactions and operations safe. It is important for users of the internet to realize it is the simple passwords usually composed of personal information that hackers target to get into their accounts and use information contained therein maliciously. Several options to make passwords strong have been fronted such as image-based technique which solves the two major problems with complex passwords; memorizing passwords and passwords weakness. Image-based passwords are easy to remember for users and also hard to crack for hackers. On the side of online companies and institutions, it is vital they play their crucial role in ensuring security of information in their accounts by enhancing measures such as informing users on password strength and how they can develop strong passwords and why they need to. Login attempts should also be restricted to a few attempts to prevent access attempts by users guessing on login details. Companies can as well take it upon themselves to adopt techniques such as proactive password checking to ensure users develop strong passwords. References Bishop, M., & Klein, D. (1995). Improving system security via proactive password checking. 14 (3), 233-249. Curran, K., Doherty, J., & Turkington, G. (2011). Good Practice for Strong Passwords. EDPACS: The EDP Audit, Control, and Security Newsletter , 44 (5), 1-13. Frocht, K., & Tsai, Y. (2003). Security and network management: changes in the way we work. Information Management and Computer Security Journal , 22 (2), 23-45. Furnel, S., & Leith, Z. (2006). Replacing passwords: in search of the secret remedy. Network Research Group Journal, University of Plymouth , 4-8. Nelson, D., & Phuong, K. (2010). Effectiveness of image-based mnemonic techniques for enhancing the memorability and security of user-generated passwords. International Journal of Computers in Human Behavior, Department of Psychology, California State University , 26, 705-715. Nelson, D., & Phuong, K. (2010). Effectiveness of image-based mnemonic techniques for enhancing the memorability and security of user-generated passwords. International Journal of Computers in Human Behavior, Department of Psychology, California State University , 26, 705-715. O'Beirne, R. (2002). Computer network security and cyber ethics. Library Review , 51 (3), 142-155. Phuong, K., Proctor, R., Spantzel, A., Tai, B.-L., & Schultz, E. (2007). Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies , 65, 744-757. Puuronen, S., & Seleznyov, A. (2003). Using continuous user authentication to detect masqueraders. Information Management & Computer security , 11 (6), 325-336. Skoularidou, V., & Spinellis, D. (2003). Security architectures for network clients. Information Management and Computer Security Journal , 9 (2), 452-463. Zhang, L., & McDowell, W. C. (2009). Am I Really at Risk? Determinants of Online Users' Intentions to Use Strong Passwords. Journal of Internet Commerce , 8 (3/4), 181-197. Read More