IJEME Vol. 14, No. 1, 8 Feb. 2024
Cover page and Table of Contents: PDF (size: 398KB)
Full Text (PDF, 398KB), PP.33-40
Views: 0 Downloads: 0
Passwords, Password literacy, Password managers, Malpractices
This research paper investigates the attitudes and behaviors of Sri Lankan internet users toward passwords and password managers. The study addresses the security flaws and malpractices associated with passwords and aims to identify effective password management solutions. Two surveys were conducted, one focusing on user attitudes and strategies related to passwords, and the other evaluating user experiences with decentralized offline password managers. The findings reveal that a significant portion of the participants employed complex password-creation strategies and utilized various methods for storing and reusing passwords. Male participants and individuals in the 20-29 age group were predominant in the study. Surprisingly, only a minority of participants had received training in password creation and management. The analysis also indicated that participants without training tended to create easily breakable pass-words, while those with training opted for more complex and stronger passwords. In terms of password management methods, participants without training relied on manual note-taking or memorization, while those with training pre-ferred secure password managers. Furthermore, the study found a higher prevalence of password reuse among partici-pants who used manual password creation methods compared to those who used password generators. The research underscores the need for improved password management practices and increased awareness among Sri Lankan internet users. The findings introduce novel insights into the existing knowledge of password management and lay the groundwork for developing targeted interventions and strategies to enhance security in the Sri Lankan online landscape.
Prageeth Fernando, "Exploring Perceptions and Habits of Sri Lankan Users: A Study on Password Management and Adoption of Password Managers", International Journal of Education and Management Engineering (IJEME), Vol.14, No.1, pp. 33-40, 2024. DOI:10.5815/ijeme.2024.01.04
[1]R. Morris and K. Thompson, “Password security: a case history,” Commun. ACM, vol. 22, no. 11, pp. 594–597, 1979, doi: 10.1145/359168.359172.
[2]R. Nagahawatta, M. Warren, and W. Yeoh, “A Study of Cybersecurity Awareness in Sri Lanka A Study of Cybersecurity Awareness in Sri Lanka,” 2020.
[3]S. Kemp, “Digital 2022: Sri Lanka,” DataReportal – Global Digital Insights, 2022. https://datareportal.com/reports/digital-2022-sri-lanka
[4]R. Macgregor, “USER COMPREHENSION OF PASSWORD REUSE RISKS AND MITIGATIONS IN PASSWORD MAN-AGERS,” 2020. Accessed: Jan. 01, 2023. [Online]. Available: https://dalspace.library.dal.ca/bitstream/handle/10222/78416/MacGregor-Robbie-MCSc-CSCI-April-2020.pdf?sequence=1
[5]M. Lennartsson, “Evaluating the Memorability of Different Password Creation Strategies: A Systematic Literature Review,” 2019.
[6]E. Stobert and R. Biddle, “The Password Life Cycle,” ACM Trans. Priv. Secur., vol. 21, no. 3, pp. 1–32, 2018, doi: 10.1145/3183341.
[7]N. Woods and M. Siponen, “Improving password memorability, while not inconveniencing the user,” Int. J. Hum.-Comput. Stud., vol. 128, pp. 61–71, 2019, doi: 10.1016/j.ijhcs.2019.02.003.
[8]D. Fredericks, “Users’ Perceptions Regarding Password Policies,” 2018.
[9]H. Habib et al., “Open access to the Proceedings of the Fourteenth Symposium on Usable Privacy and Security is sponsored by USENIX. User Behaviors and Attitudes Under Password Expiration Policies User Behaviors and Attitudes Under Password Ex-piration Policies,” 2018.
[10]S. Kankane, C. DiRusso, and C. Buckley, “Can We Nudge Users Toward Better Password Management?,” Ext. Abstr. 2018 CHI Conf. Hum. Factors Comput. Syst., 2018, doi: 10.1145/3170427.3188689.
[11]S. Pearman, S. Zhang, L. Bauer, N. Christin, and L. Cranor, “Open access to the Proceedings of the Fifteenth Symposium on Usable Privacy and Security is sponsored by USENIX. Why people (don’t) use password managers effectively Why people (don’t) use password managers effectively,” 2019.
[12]S. Lyastani, M. Schilling, S. Fahl, M. Backes, and S. Bugiel, “Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse,” 2018.
[13]S. Anand and S. Balakrishnan, “Challenges and issues in ensuring safe cloud based password management to enhance security,” 2019.
[14]M. Abuzaraida and A. Zeki, “Collection of Handwritten text View project Development of Malay Online Virtual Integrated Corpus (MOVIC) for Sentiment Analysis using Web-scraping View project AWARENESS AND SECURITY ISSUES IN PASSWORD MANAGEMENT AMONG LIBYAN UNIVERSITIES STAFF MEMBERS,” Artic. ID IJARET1112123 Int. J. Adv. Res. Eng. Technol., vol. 11, no. 12, pp. 1292–1303, 2020, doi: 10.34218/IJARET.11.12.2020.123.
[15]E. Kuka and R. Bahiti, “Information Security Management: Password Security Issues,” Acad. J. Interdiscip. Stud., vol. 7, no. 2, pp. 43–47, 2018, doi: 10.2478/ajis-2018-0045.