A situation-aware user interface to assess users’ ability to construct strong passwords

Stavrou, Eliana orcid iconORCID: 0000-0003-4040-4942 (2017) A situation-aware user interface to assess users’ ability to construct strong passwords. In: International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA 2017), 19-20 June 2017, London, UK.

[thumbnail of Author Accpeted Manuscript] PDF (Author Accpeted Manuscript) - Accepted Version
Restricted to Repository staff only


Official URL: http://ieeexplore.ieee.org/document/8073385/


Text-based passwords are still one of the main techniques to authenticate the users. Although a variety of measures (e.g. awareness activities, password-strength checkers, password-composition policies, etc.) are taken to prevent users from selecting weak passwords, the problem remains. A main factor that leads to weak passwords is the lack of awareness on what constitutes a strong password. Organizations should assess the users’ ability to construct a strong password through the assessment of their password’s strength, and taking into consideration the users’ practices that are typically applied when selecting a password. In this way, organizations can be aware of the situation, that is, if their users follow good or bad password construction practices. Depending on the practice utilized, the organization’s security level can be affected. Bad password construction practices can lead to weak passwords which can increase the risk of unauthorized access. Therefore, organizations should target for good practices to be utilized by their users in an effort to decrease the possibility of unauthorized access. A typical way to assess a password’s strength is by trying to crack it using password cracking tools. An assessor, e.g. system administrator, requires a fair amount of knowledge on how password cracking tools operate and need to be configured. Also, it is essential to be aware of the bad practices that users typically utilize. Such knowledge is not always present. Furthermore, these tools and their respective graphical user interface, have not been designed with the objective of assessing the users’ awareness level against bad password construction practices. This paper proposes a conceptual architecture to assist in designing a situation-aware user interface to assess users’ ability to construct a password that is not easily crackable. An initial mock prototype has been developed to realize the proposed architecture and identify the main features of the user interface.

Repository Staff Only: item control page