Factors of Password-based Authentication

Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). This approach explored how authentication practices can be measured in three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. This report explores the criteria that are required to define these component areas.
