File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1080/02681102.2013.814040
- Scopus: eid_2-s2.0-84898902991
- WOS: WOS:000334265700006
- Find via
Supplementary
- Citations:
- Appears in Collections:
Article: Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics Monitoring and Just-in-Time Fear Appeals
| Title | Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics Monitoring and Just-in-Time Fear Appeals |
|---|---|
| Authors | |
| Keywords | support vector machine cybersecurity developing countries just-in-time fear appeals keystroke dynamics password reuse protection motivation theory |
| Issue Date | 2014 |
| Citation | Information Technology for Development, 2014, v. 20, n. 2, p. 196-213 How to Cite? |
| Abstract | Password reuse - using the same password for multiple accounts - is a prevalent phenomenon that can make even the most secure systems vulnerable. When passwords are reused across multiple systems, hackers may compromise accounts by stealing passwords from low-security sites to access sites with higher security. Password reuse can be particularly threatening to users in developing countries in which cybersecurity training is limited, law enforcement of cybersecurity is non-existent, or in which programs to secure cyberspace are limited. This article proposes a two-pronged solution for reducing password reuse through detection and mitigation. First, based on the theories of routine, cognitive load and motor movement, we hypothesize that password reuse can be detected by monitoring characteristics of users' typing behavior (i.e. keystroke dynamics). Second, based on protection motivation theory, we hypothesize that providing just-in-time fear appeals when a violation is detected will decrease password reuse. We tested our hypotheses in an experiment and found that users' keystroke dynamics are diagnostic of password reuse. By analyzing changes in typing patterns, we were able to detect password reuse with 81.71% accuracy. We also found that just-in-time fear appeals decrease password reuse; 88.41% of users who received a fear appeal subsequently created unique passwords, whereas only 4.45% of users who did not receive a fear appeal created unique passwords. Our results suggest that future research should continue to examine keystroke dynamics as an indicator of cybersecurity behaviors and use just-in-time fear appeals as a method for reducing non-secure behavior. The findings of our research provide a practical and cost-effective solution to bolster cybersecurity through discouraging password reuse. © 2013 © 2013 Commonwealth Secretariat. |
| Persistent Identifier | http://hdl.handle.net/10722/233837 |
| ISSN | 2022 Impact Factor: 4.8 2020 SCImago Journal Rankings: 0.858 |
| ISI Accession Number ID |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Jenkins, Jeffrey L. | - |
| dc.contributor.author | Grimes, Mark | - |
| dc.contributor.author | Proudfoot, Jeffrey Gainer | - |
| dc.contributor.author | Lowry, Paul Benjamin | - |
| dc.date.accessioned | 2016-09-27T07:21:46Z | - |
| dc.date.available | 2016-09-27T07:21:46Z | - |
| dc.date.issued | 2014 | - |
| dc.identifier.citation | Information Technology for Development, 2014, v. 20, n. 2, p. 196-213 | - |
| dc.identifier.issn | 0268-1102 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/233837 | - |
| dc.description.abstract | Password reuse - using the same password for multiple accounts - is a prevalent phenomenon that can make even the most secure systems vulnerable. When passwords are reused across multiple systems, hackers may compromise accounts by stealing passwords from low-security sites to access sites with higher security. Password reuse can be particularly threatening to users in developing countries in which cybersecurity training is limited, law enforcement of cybersecurity is non-existent, or in which programs to secure cyberspace are limited. This article proposes a two-pronged solution for reducing password reuse through detection and mitigation. First, based on the theories of routine, cognitive load and motor movement, we hypothesize that password reuse can be detected by monitoring characteristics of users' typing behavior (i.e. keystroke dynamics). Second, based on protection motivation theory, we hypothesize that providing just-in-time fear appeals when a violation is detected will decrease password reuse. We tested our hypotheses in an experiment and found that users' keystroke dynamics are diagnostic of password reuse. By analyzing changes in typing patterns, we were able to detect password reuse with 81.71% accuracy. We also found that just-in-time fear appeals decrease password reuse; 88.41% of users who received a fear appeal subsequently created unique passwords, whereas only 4.45% of users who did not receive a fear appeal created unique passwords. Our results suggest that future research should continue to examine keystroke dynamics as an indicator of cybersecurity behaviors and use just-in-time fear appeals as a method for reducing non-secure behavior. The findings of our research provide a practical and cost-effective solution to bolster cybersecurity through discouraging password reuse. © 2013 © 2013 Commonwealth Secretariat. | - |
| dc.language | eng | - |
| dc.relation.ispartof | Information Technology for Development | - |
| dc.subject | support vector machine | - |
| dc.subject | cybersecurity | - |
| dc.subject | developing countries | - |
| dc.subject | just-in-time fear appeals | - |
| dc.subject | keystroke dynamics | - |
| dc.subject | password reuse | - |
| dc.subject | protection motivation theory | - |
| dc.title | Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics Monitoring and Just-in-Time Fear Appeals | - |
| dc.type | Article | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1080/02681102.2013.814040 | - |
| dc.identifier.scopus | eid_2-s2.0-84898902991 | - |
| dc.identifier.volume | 20 | - |
| dc.identifier.issue | 2 | - |
| dc.identifier.spage | 196 | - |
| dc.identifier.epage | 213 | - |
| dc.identifier.eissn | 1554-0170 | - |
| dc.identifier.isi | WOS:000334265700006 | - |
| dc.identifier.issnl | 0268-1102 | - |