Weak password security: An empirical study

Information Security Journal

Volumn 17, Issue 1, 2008, Pages 45-54

  Weber, James E ^a   Guster, Dennis ^a   Safonov, Paul ^a   Schmidt, Mark B ^a  

^a ST CLOUD STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 85006986397     PISSN: 19393555     EISSN: 19393547     Source Type: Journal    
DOI: 10.1080/10658980701824432     Document Type: Article

References (27)

1. Aytes, K. and Connolly, T. (2004). Computer Security and Risky Computing Practices: A Rational Choice Perspective, Journal of Organizational and End User Computing, 16 (3):22-40.
2. Blundo, C., D'Arco, P., De Santis, A., and Galdi, C. (2004). HYPPO- CRATES: A New Proactive Password Checker, The Journal of Systems and Software, 71 (1-2):163.
3. Bort, J. (2002). Identity Management Begins with the Simple Password, Network World, 19 (42):8-10.
4. Cazier, J. A. and Medlin, B. D. (2006). Password Security: An Empirical Investigation into E-Commerce Passwords and Their Crack Times, Information Systems Security: The (ISC2) Journal, 15 (6): 45-55.
5. De Lisser, E. (2002). Tricks of the trade: A Techie's Password, The Wall Street Journal, May 22.
6. Drennen, J., Mort, G. S., and Previte, J. (2006). Privacy, Risk Perception, and Expert Online Behavior: An Exploratory Study of Household End Users, Journal of Organizational and End User Computing, 18 (1): 1-22.
7. Engebretson, D. J. (2004). 3 Ways to Keep Passwords and User Names Out of the Wrong Hands, Security Distributing & Marketing, 34 (10):39-40.
8. Flandez, R. (2004). Tricks of the Trade: A Techie Picks a Password, The Wall Street Journal, Oct. 13.
9. Fontana, J. (2005). Chevron Has Had it With Passwords, Networkworld, 22 (43): 1, 14.
10. Frank, J., Shamir, B., and Briggs, W. (1991). Security-Related Behavior of PC Users in Organizations. Information & Management, 21 (3):127-135.
11. Guster, D., Safonov, P., Podkorytov, D., and Hall, C. (2004). Business Computer Information Systems Security Against Hacking Attacks: Application of Distributed Processing and Software Modifiers in Defense of Password Files. In International Business Trends: Contemporary Readings, S. Fullerton and D. Moore (eds). Las Vegas, NV: Academy of Business Administration.
12. Institute, SANS. (2007). SANS Security Policy Project 2006. Cited April 11 2007. Available from http://www.sans.org/resources/policies/
13. Ives, B., Walsh, K. R., and Schneider, H. (2004). The Domino Effect of Password Reuse, Communications of the ACM, 47 (4):75-78.
14. Kelly, C. J. (2004). The Password Is: Useless (Probably), Computerworld, 38 (49):32.
15. Mulligan, J. and Elbirt, A. J. (2005). Desktop Security and Usability TradeOffs: An Evaluation of Password Management Systems, Information Systems Security: The (ISC2) Journal, 14 (2): 10-20.
16. Miller, G. A. (1956). The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information, Psychological Review, 63:81-97.
17. Password Crackers, Inc. (2006) Password Portal-Password Recovery, Password Cracking 2004, Cited April 3, 2006. Available from http:// www.passwordportal.net/
18. Piazza, P. (2004). Better Passwords Made Easy, Security Management, 48 (8):34.
19. Project, Openwall. (2006). John the Ripper password cracker 2005. Retrieved April 10, 2006. Available from http://www.openwall.com/ john/
20. Schou, C. D. and Trimmer, K. J. (2004). Information Assurance and Security, Journal of Organizational and End User Computing, 16 (3):i-vii.
21. Semjanov, P. (2006). Password Cracking FAQ 2006. Cited April 3, 2006. Available from http://www.password-crackers.com/en/articles/12/
22. Stanton, J. M., Stam, K. R., Mastrangelo, P., and Jolton, J. (2005). Analysis of End User Security Behaviors, Computers & Security, 24 (2):124.
23. Thomas, B. (2007). Information Security with Minimal Training, and Without Costly Infrastructure Changes, SANS Institute 2005. Cited April 10, 2007. Available from http://www.sans.org/rr/whitepapers/ authentication/1636.php
24. Thurm, S. and Mangalindan, M. (2004). Trying to Remember New Passwords Isn't as Easy as ABC123, The Wall Street Journal, Dec. 9, A1.
25. Tuesday, V. (2003). Bad Policy Makes for Weak Passwords, Computerworld, 37 (48):38.
26. Wakefield, R. L. (2004). Network Security and Password Policies, The CPA Journal, 74 (7):6.
27. Warkentin, M., Davis, K., and Bekkering, E. (2004). Introducing the Check-Off Password System (COPS): An Advancement in User Authentication Methods and Information Security, Journal of Organizational and End User Computing, 16 (3):41-58.