Password System Research Articles

Cybersecurity end-user compliance: Password management versus update compliance

In today's world, organizations rely on cybersecurity end-user compliance as an essential practical parameter. Yet cybersecurity compliance remains a challenge, and failures are commonplace. But why? In addressing this question, we argue that ISP compliance is neither too monolithic nor too granular a construct but needs respecification. We empirically investigate cybersecurity antecedents leading to (i) user protection-centric password management and (ii) system protection-centric update compliance dimensions. The results of our survey of 241 users show differentiating behavioral strands intertwined across different types of compliance, highlighting a unique interplay of attitudes, knowledge, and social factors as antecedents to password and update compliance.

Geometrically asymmetric pressure sensor with precious few electrodes achieves precise detection of both position and strength by machine learning

Wearable devices that can accurately detect the position and strength of applied pressure have been a focus of attention in the field of flexible tactile sensing. However, conventional sensor arrays with multiple units have many challenges in practical applications due to their complex circuit layouts and poor robustness, etc., which could be solved by minimizing the number of connecting electrodes among each unit. Herein, a pressure sensor with geometrically asymmetric structure has been proposed to remove all the connected inner electrodes. The sensor is constructed by three pieces of fabrics, with one insulating fabric sandwiched by two conductive fabrics coated with carbon nanotubes. Notably, the bottom fabric is specially designed in an optimized asymmetric shape with a rectangular hole located off-center of the square, assisting the sensor to generate different resistive and capacitive responses among pre-divided nine areas through only three external electrodes. Compared to conventional resistive sensor arrays, the number of electrodes is reduced by 83.3 %. With the assistance of machine learning, pressure-positioning with an accuracy of more than 98.1 % and precise strength measurements are achieved. Based on this sensor and the trained neural network, a two-level password system is constructed for more reliable role recognition. The asymmetric strategy proposed in this work provides a novel design for realizing precise detection of both position and strength using extremely simplified circuits, which has great potential in the field of wearable electronics.

Multi-Factor Authentication: A User Experience Study

Usability issues prevent multi-factor authentication (MFA) systems from being widely used, despite the fact that they are essential for improving security measures. This study explores the problems with MFA systems' usability and suggests possible fixes to enhance the user experience. The study emphasizes the value of good design while highlighting the efficacy of graphical password systems as a user-friendly substitute for conventional MFA techniques. The report also makes recommendations for future research directions, such as assessing resilience against complex assaults, improving support for mobile applications, and weighing the benefits and drawbacks of image-based authentication systems. Comprehensive user research and assessments can yield important insights to improve the effectiveness and usability of different MFA approaches. Additionally, a two-way image-based mobile device authentication system devices is introduced in the article, demonstrating improved login success rates and security threat resistance. In order to further enhance the authentication process, future development will focus on scalability, user input surveys, and bolstering system security. Keywords: Multi-Factor Authentication (MFA), User Experience (UX), Security, Usability, Graphical Passwords, Biometric Authentication, Mobile Devices, Image- Based Authentication, Psychological Aspects, Resilience,Scalability, Advanced Security Features

3-Level Password Authentication System

Abstract: The project is an authentication system that allows users to access the system only if they have entered the correct password. The project includes three levels of user identification. while some took them to their limits. In short, almost all passwords available today can be cracked to some degree. Therefore, this project aims to achieve maximum security in user authentication. Includes three logins with three different password systems. Password difficulty increases with each level..

A Recognition-Based Graphical Password System for Enhanced User Authentication

Abstract: Password-based authentication is a popular way for ensuring computer application security and privacy. Nonetheless, the "weakest link" in the authentication process is believed to be user-chosen weak passwords and hazardous input techniques. People generally utilize mnemonic or brief passphrases instead of random alphanumeric characters. Because internet and mobile applications are widely available, users can access them from any location, at any time, using any device. While this simplicity is generally appreciated, it also increases the likelihood that credentials will be compromised through Visual Hacking. The assault tactics can include employing external recording equipment or watching the victim personally in order to obtain their login information. In response to this issue, our team created a graphical password-based authentication mechanism to combat the threat of Visual Hacking. The system's security mechanism is three-tiered, featuring password verification as well as colour and pattern matching features. This means that even with numerous camera-based hacking attempts, potential attackers would have a tough time determining or limiting the password. In addition, we created and tested a system prototype to determine its usability. According to our trial results, our system can survive Visual Hacking better than previous authentication systems while maintaining a high level of security and usability.

A secured image based three factor user authentication system

Graphical User Authentication (GUA) is an image-based password system that leverages the human tendency to remember visuals more effectively. This methodology enables users to effortlessly generate and recall passwords. The three important parameters for any graphical based password system are Usability, Randomness and Security. Usability deals with the system adaptability, memorability, flexibility, User satisfaction etc. On the other side randomness is about Hotspot Coverage, Click Point Clustering, Spatial Patterns, J-statistics etc. This paper is an attempt to initially develop an image-based authentication system that is usable, venerable in terms of randomness. In addition, it is necessary to build a strong security authentication process where the attackers are unable to access the system. The past research study claims the diversity between the usability and security aspect. The focus of this research study is to analyze the impact of various security attacks on the proposed system and the possible solution to avoid them.

Highly stretchable conductors reveal the effect of dielectric layer thickness on triboelectric nanogenerator output

Triboelectric nanogenerators (TENGs) have been extensively studied as harvesting devices for high-entropy energy in the internet of things (IoT) era. However, the mechanism by which the dielectric layer affects the TENG output remains controversial. In this paper, through studying the TENG based on liquid metal (LM) thermoplastic polyurethane (TPU) composite film (LM-TENG), a clear understanding of how the thickness of the dielectric layer affects the output of the TENG is obtained. The resistance-invariant property of the highly stretchable elastic conductor TPU@LM under large strain enables the LM-TENG to work under continuous changes in the thickness of the dielectric layer. The existence of the most suitable thickness of the TENG dielectric layer is demonstrated. The optimum equivalent thickness increased the output power of the LM-TENG by a factor of nine. This result provides important guidance for the structural design of TENGs. Finally, an anti-peeping smart door lock password system based on LM-TENG was successfully designed, demonstrating the great application potential of TENG in the field of smart home.

Examination of the impact of cyber security on networks operations: A case of Vodafone Ghana

Computer network operations of organizations are always prone to cyber-attacks from different people, including misguided employees within the organization, due to the errors they make which lead to exploitation by cyber criminals. These people normally have destructive tendencies better known to themselves, as they would go to every extent to make sure that their nefarious intentions are achieved. It therefore, behooves on network operation technologists to innovate concrete and tested security measures to secure organizations’ network systems against hackers. The destruction could impact the activities of the organization to come to complete halt, as important information, a resource of the enterprise, may be damaged, stolen or lost. Some of these hackers may then turn around and demand huge sums of money from the organization before the stolen information may be released; likely the restored software may be tainted and therefore, different from the original state. Consequently, management of organizations should make adequate security preparations to forestall these destructive propensities of hackers. Vodafone Ghana therefore, should reinforce its security system to make sure the firewall and password systems, and access to its servers from the outside world are not compromised.

Deep learning based graphical password authentication approach against shoulder-surfing attacks

The password used to authenticate users is vulnerable to shoulder-surfing assaults, in which attackers directly observe users and steal their passwords without using any other technical upkeep. The graphical password system is regarded as a likely backup plan to the alphanumeric password system. Additionally, for system privacy and security, a number of programs make considerable use of the graphical password-based authentication method. The user chooses the image for the authentication procedure when using a graphical password. Furthermore, graphical password approaches are more secure than text-based password methods. In this paper, the effective graphical password authentication model, named as Deep Residual Network based Graphical Password is introduced. Generally, the graphical password authentication process includes three phases, namely registration, login, and authentication. The secret pass image selection and challenge set generation process is employed in the two-step registration process. The challenge set generation is mainly carried out based on the generation of decoy and pass images by performing an edge detection process. In addition, edge detection is performed using the Deep Residual Network classifier. The developed Deep Residual Network based Graphical Password algorithm outperformance than other existing graphical password authentication methods in terms of Information Retention Rate and Password Diversity Score of 0.1716 and 0.1643, respectively.

Click and Session based Captcha as Graphical Password Authentication Process using AI Technology

Abstract: Graphical passwords, two-factor authentication, and other ways are just a few of the many options we have for authentication. Text based protection. Codes are susceptible to a variety of assaults, including dictionary attacks. As a result, as part of the authentication procedure, in addition to the usual alpha-numeric password, we also utilise pictures with captchas. It also fixes the problems with the pass points of graphical password systems. Automated Turing Test for Computers and Humans that Is Completely Public (CAPTCHA) Users who have successfully authenticated must pass a test in order to access their individual mail accounts. Accounts that put the secrecy, reliability, and privacy of data at risk are attacked by bots and other malicious software. This was stopped by the invention of CAPTCHA.

Kerberos authentication protocol implementation based on DHR atypical construct

As a commonly used identity authentication protocol, the Kerberos authentication protocol uses a symmetric password system, which has significant efficiency advantages but also brings risks such as password guessing and replay attacks. Some existing research combines public key cryptography with Kerberos to greatly enhance its security, but the large amount of computation required for public-private key cryptography leads to lower efficiency. This paper proposes a solution that uses the DHR non-typical construction to provide dynamism and randomness to the Kerberos authentication protocol to improve its security while minimizing efficiency losses. Experimental results show that the improved protocol can resist attacks while ensuring efficiency.

Strengthen Password Using Image Authentication

Authentication is by password It is alphanumeric in nature. However, the user finds it Difficulty remembering long passwords Remember many times while running. instead of this. They create short, simple and insecure passwords. User data vulnerable to external attacks. Graphically Passwords offer a way out of this dilemma Passwords that are easy for users to remember and use Passwords, more secure. With Graphical password, user clicks on image instead of typing it. A text password containing alphanumeric characters. A New, more secure graphical password system Developed using image segmentation. Picture A segmentation system presents images to the user Here the user selects some grid on that image. If These points, entered in the correct order, user. The result is an alphanumeric password and Both graphical passwords worked around the same time, Graphical passwords were easy to obtain and remember. [1]As such, graphical passwords have been found to be harder to crack They are newly implemented and don't have many algorithms Designed to break them.

Privacy-preserving bimodal authentication system using Fan-Vercauteren scheme

The requirement of a person to be available during the authentication made the biometric authentication to be used in abundant applications over password or token-based authentication systems. Privacy and security are two major concerns still to be addressed in biometric authentication system. In the last couple of years, researchers used the homomorphic encryption (HE) to propose the privacy-preserving biometric authentication systems which overcomes the limitations of cancelable biometrics and biometric cryptosystems. But these methods fail to achieve overall performance and security measures. To handle this, we introduce a privacy-preserving Bimodal authentication system (PPBA) utilizing Fan-Vercauteren scheme. An optimized method is proposed to compute the hamming distance between the encrypted templates that helps to carry out the computation without disclosing the user sensitive data. PPBA is tested on publicly available databases to analyze its efficiency. PPBA satisfies the diversity, irreversibility, revocability properties and also achieves decent performance.

To Survey Graphical Password Verification Method

Abstract: In this present time, authentication is the way of giving persons access to system object based on user's uniqueness. If the codes match, the process will be succeed and user will get the consent to access the system. Text based password scheme follows the guidelines such as at least 8 characters long, should combine upper-case and lower-case and digit. user have problem to remember their complicated password over time due to the limitation of human brain, user tend to forget about their password. User tend to use the same password for all type of account. So if one account is hacked, the possibility for other account to be hack is a high. Graphical password can be used as alternative to solve the issue related to the text-based authentication based on the fact that humans can tend to remember pictures batter then text. Now a day’s many computer system, Network and internet based environment are trying to use of graphical authentication technique in this paper we make a survey of the basic authentication and its technique and also presents a comprehensive study of graphical password authentication method and graphical password system.

Cryptanalysis the SHA-256 Hash Function using Rainbow Tables

The research of the strength of a hashed message is of great importance in modern authentication systems. The hashing process is inextricably linked with the password system, since passwords are usually stored in the system not in clear text, but as hashes. The SHA-256 hash function was chosen to model the attack with rainbow tables. An algorithm for constructing a rainbow table for the SHA-256 hash function in the Java language is proposed. The conditions under which the use of rainbow tables will be effective are determined. This article aims to practically show the process of generating a password and rainbow tables to organize an attack on the SHA-256 hash function. As research shows, rainbow tables can reveal a three-character password in 3 seconds. As the password bit increases, the decryption time increases in direct proportion.

Multimodal Behavioral Biometric Authentication in Smartphones for Covid-19 Pandemic

The usage of mobile phones has increased multi-fold in recent decades, mostly because of their utility in most aspects of daily life, such as communications, entertainment, and financial transactions. In use cases where users’ information is at risk from imposter attacks, biometrics-based authentication systems such as fingerprint or facial recognition are considered the most trustworthy in comparison to PIN, password, or pattern-based authentication systems in smartphones. Biometrics need to be presented at the time of power-on, they cannot be guessed or attacked through brute force and eliminate the possibility of shoulder surfing. However, fingerprints or facial recognition-based systems in smartphones may not be applicable in a pandemic situation like Covid-19, where hand gloves or face masks are mandatory to protect against unwanted exposure of the body parts. This paper investigates the situations in which fingerprints cannot be utilized due to hand gloves and hence presents an alternative biometric system using the multimodal Touchscreen swipe and Keystroke dynamics pattern. We propose a HandGlove mode of authentication where the system will automatically be triggered to authenticate a user based on Touchscreen swipe and Keystroke dynamics patterns. Our experimental results suggest that the proposed multimodal biometric system can operate with high accuracy. We experiment with different classifiers like Isolation Forest Classifier, SVM, k-NN Classifier, and fuzzy logic classifier with SVM to obtain the best authentication accuracy of 99.55% with 197 users on the Samsung Galaxy S20. We further study the problem of untrained external factors which can impact the user experience of authentication system and propose a model based on fuzzy logic to extend the functionality of the system to improve under novel external effects. In this experiment, we considered the untrained external factor of ‘sanitized hands’ with which the user tries to authenticate and achieved 93.5% accuracy in this scenario. The proposed multimodal system could be one of the most sought approaches for biometrics-based authentication in smartphones in a COVID-19 pandemic situation.

Prevention of Shoulder-Surfing Attack Using Shifting Condition with the Digraph Substitution Rules

Graphical passwords are implemented as an alternative scheme to replace alphanumeric passwords to help users to memorize their password. However, most of the graphical password systems are vulnerable to shoulder-surfing attack due to the usage of the visual interface. In this research, a method that uses shifting condition with digraph substitution rules is proposed to address shoulder-surfing attack problem. The proposed algorithm uses both password images and decoy images throughout the user authentication procedure to confuse adversaries from obtaining the password images via direct observation or watching from a recorded session. The pass-images generated by this suggested algorithm are random and can only be generated if the algorithm is fully understood. As a result, adversaries will have no clue to obtain the right password images to log in. A user study was undertaken to assess the proposed method's effectiveness to avoid shoulder-surfing attacks. The results of the user study indicate that the proposed approach can withstand shoulder-surfing attacks (both direct observation and video recording method).The proposed method was tested and the results showed that it is able to resist shoulder-surfing and frequency of occurrence analysis attacks. Moreover, the experience gained in this research can be pervaded the gap on the realm of knowledge of the graphical password.

An empirical analysis of keystroke dynamics in passwords: A longitudinal study

The use of keystroke timings as a behavioural biometric in fixed-text authentication mechanisms has been extensively studied. Previous research has investigated in isolation the effect of password length, character substitution, and participant repetition. These studies have used publicly available datasets, containing a small number of passwords with timings acquired from different experiments. Multiple experiments have also used the participant's first and last name as the password; however, this is not realistic of a password system. Not only is the user's name considered a weak password, but their familiarity with typing the phrase minimises variation in acquired samples as they become more familiar with the new password. Furthermore, no study has considered the combined impact of length, substitution, and repetition using the same participant pool. This is explored in this work, where the authors collected timings for 65 participants, when typing 40 passwords with varying characteristics, 4 times per week for 8 weeks. A total of 81,920 timing samples were processed using an instance-based distance and threshold matching approach. Results of this study provide empirical insight into how a password policy should be created to maximise the accuracy of the biometric system when considering substitution type and longitudinal effects.

Authentication By Grid Image Pattern

Abstract: This paper tries to point out flashy topics in an authentication system that works by having the user select from images, in a specific pattern (order), presented in a Graphical User Interface (GUI). So that the graphical password approach is called Graphical Image Authentication (GIA). The most common authentication method is to use alpha-numerical passwords. For example user tends to choose passwords that can be easily guessed on the other hand, if a password is difficult to guess then it is often difficult to remember. To overcome this problem of low security, Authentication methods change from images to passwords. Because humans can remember visuals (patterns) better than text, graphical password schemes have been offered as a feasible replacement to text-based systems. Visual patterns, rather than specific images, are easier to remember.Patterns are general easier to remembered or recognized than text. This early study implies that many graphics in graphical password systems may support memorability. Keywords: Authentication, Pattern based authentication, Click points, Grid images, Graphical passwords

Verification Grid and Map Slipping Based Graphical Password against Shoulder-Surfing Attacks

Graphical password systems have received significant attention as one potential solution to the need for more usable authentication, but graphical passwords are often considered prone to shoulder-surfing attacks. In this paper, in order to build a balance between usability and security for authentication, we propose a new graphical password scheme by combining a specific verification grid with map slipping strategy. In the proposed scheme, a set of fixed grids are pregenerated on a map. During the registration process, the user is not only asked to select several points in sequence on the map to form a password route, but also required to choose one of the pregenerated grids as a specific verification grid for the subsequent authentication. The password route and the specific verification grid together form the complete graphical password. During the authentication process, the user needs to slip the map to let each point on the password route sequentially fit inside the specific verification grid which is already remembered by the user but difficult to be detected by the attackers. With the specific verification grid and the map slipping strategy, the proposed scheme can effectively defend against shoulder-surfing attacks. Meanwhile, the password points are represented as coordinates on the map; therefore, the proposed scheme has a negligible storage burden. The comparative experiments show that, using the proposed scheme, the success rate of shoulder-surfing defense can be increased by 37% to 56% with different grid sizes and password point numbers, and the usability of passwords can also be improved by 3% to 6%. Therefore, the proposed scheme can achieve good shoulder-surfing defense and reasonable usability simultaneously.