Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems
Antwane Lewis - Philander Smith College
Co-Author(s): Tamara Bates, Latavia Hill, Jacques Iragena, and Samar Swaid, Philander Smith College, Little Rock, AR
With computers and smartphones equipped with applications ("apps") for online banking, shopping, and social networking, it is common practice for users to create accounts with passwords. Websites therefore provide password construction policies that guide users in creating their passwords. A number of studies indicate that the passwords users generate are easy to guess and can therefore be easily hacked. This project would contribute to the areas of computer security, human-computer interaction, and security policy making. This research aims to explore the impact of password construction policies on password strength. The research questions we address are: (i) what are the readability measures of password construction policies; and (ii) what is the strength, measured by password entropy, of passwords generated according to the guidelines of password construction policies? Our hypothesis is that password construction policies differ by website type and have an impact on password entropy. We began by selecting the top 20 sites in different categories. We mainly focused on health, media, online gaming, social networking, software, and telecommunication websites. Each member of the group was assigned a set of websites to analyze. We obtained readability scores using the Flesch reading ease formula and the Flesch-Kincaid readability test. We also recorded each website's Alexa rank in order to gather website analytics information such as rank and traffic. Next, we calculated the entropy for each site using the information provided by the site's password policy. Content analysis of the password construction policies reveals that the readability measures of these policies are high and that only users with an education level of at least 12th grade would understand and comprehend their content. We also found that only a limited number of these websites include password meters that would guide users to create strong passwords.
Password entropy calculations indicate that password construction policies differ by website category. For example, the password policies of gaming websites do not result in strong passwords. On the other hand, websites that hold sensitive information, such as social networking sites (e.g., Facebook), provide users with rules for generating strong passwords. Data analysis did not find a significant link between website rank and the quality of password construction policies. Our future research will focus on including other websites to confirm our findings. We would also use other measures of password policy quality, such as the password meters used, password combination mix, password age, and other formulas of password entropy.
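The measurement described in the abstract, sketched as an added example (not the authors' code): it scores a policy's text with the Flesch reading ease and Flesch-Kincaid grade formulas and derives password entropy from the policy's minimum length and allowed character classes. The entropy formula L * log2(N), the character-pool sizes, the syllable heuristic, and both sample policies are assumptions constructed for illustration.

```python
import math
import re

# Assumed character-pool model: printable ASCII split into four classes.
POOLS = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}

def policy_entropy_bits(min_length, classes):
    """Assumed formula H = L * log2(N): entropy of a minimum-length password
    drawn uniformly from the classes the policy permits. Human-chosen
    passwords fall below this bound."""
    pool = sum(POOLS[c] for c in classes)
    return min_length * math.log2(pool)

def count_syllables(word):
    """Heuristic syllable count: vowel groups, minus a silent final 'e'."""
    word = word.lower()
    n = len(re.findall(r"[aeiouy]+", word))
    if word.endswith("e") and not word.endswith("le") and n > 1:
        n -= 1
    return max(n, 1)

def readability(text):
    """Return (Flesch reading ease, Flesch-Kincaid grade level)."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z']+", text)
    wps = len(words) / len(sentences)  # words per sentence
    spw = sum(count_syllables(w) for w in words) / len(words)  # syllables per word
    return 206.835 - 1.015 * wps - 84.6 * spw, 0.39 * wps + 11.8 * spw - 15.59

# Constructed sample policies (hypothetical sites, not data from the study).
POLICIES = [
    {"site": "game.example", "min_length": 6, "classes": ["lower", "digit"],
     "text": "Use six or more letters. Add a number."},
    {"site": "social.example", "min_length": 8,
     "classes": ["lower", "upper", "digit", "symbol"],
     "text": "Passwords must contain a minimum of eight characters, including "
             "uppercase, lowercase, numeric and special characters, and cannot "
             "replicate previously utilized credentials."},
]

def analyze(policy):
    """Combine readability and entropy into one record per site."""
    ease, grade = readability(policy["text"])
    bits = policy_entropy_bits(policy["min_length"], policy["classes"])
    return {"site": policy["site"], "reading_ease": round(ease, 1),
            "grade_level": round(grade, 1), "entropy_bits": round(bits, 1)}

if __name__ == "__main__":
    for p in POLICIES:
        print(analyze(p))
```

The constructed pair shows the two measures pulling apart: the stricter policy yields more entropy but is written well above a 12th-grade reading level, while the easy-to-read policy permits much weaker passwords.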
References: Acker, S., Hausknecht, D., Joosen, W., Sabelfeld, A. 2015. Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting it Right. CODASPY'15, March 2-4.
Funder Acknowledgement(s): National Science Foundation HBCU-UP Award No. 1238895
Faculty Advisor: Samar Swaid, sswaid@philander.edu
Role: We began by selecting the top 20 sites in different categories. We mainly focused on health, media, online gaming, social networking, software, and telecommunication websites. I was assigned to look up websites in the categories of online gaming and web content. From there, I had to identify objects to improve the password security and then calculate the readability scores of the password policy text. Then, I calculated the entropy of the passwords' strength.