Evaluating Password Behavior at a Small University
- 1 American University of Ras Al Khaimah, United Arab Emirates
- 2 Hashemite University, Jordan
- 3 Yarmouk University, Jordan
Copyright: © 2020 Mohammed Awad, Zakaria Al-Qudah, Sahar Idwan and Abdul Halim Jallad. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
No matter how sophisticated an organization’s security system is, it remains vulnerable due to the human factor. In this study, we surveyed and analyzed the patterns practiced by users when generating passwords at a small-sized university. We found that users are not as aware of security requirements and practices as they think. Moreover, the vast majority of users’ passwords are breakable within days or shorter. Interestingly, we found that the use of numbers and uppercase letters is prevalent among users. However, numbers are mostly used at the end of the passwords and uppercase letters are mostly used at the beginning of passwords. The existence of such trends makes it easier for attackers to generate more effective dictionaries. Based on the analysis in this study, we make recommendations to the IT department to improve the password policy. Additionally, we provide recommendations to the faculty, staff, and students on how to strengthen their passwords.
- 1,358 Views
- 4,092 Downloads
- 1 Citations