The increase in computerized modes of operation and the activities of identity attackers have not only affected trust in computerized systems but have also slowed the adoption of both offline and online services. Today there is the risk of unauthorized access, fraud and inappropriate disclosure of sensitive data. Human resources and malicious applications steal user identities, potentially resulting in a direct loss of highly sensitive information and hard currency to affected victims. To protect sensitive information, commercial and corporate sites make extensive use of textual passwords, which, when used over an encrypted connection, are vulnerable to attacks. To counter some of these attacks, many corporate sites instruct users to make use of mnemonic passwords without carefully considering the implications. This paper describes the generation of a novel mnemonic password dictionary and an empirical study performed to analyze the strength and effectiveness of regular passwords and mnemonic passwords. The findings revealed that users' context, which allows the deployment of mnemonic strategies for password memorization, is prosaic in nature and susceptible to human attackers and automated tools. Commercial and corporate sites will need these findings in order to adopt effective authentication strategies for logging users into their sites.

