The password life cycle

E Stobert, R Biddle - ACM Transactions on Privacy and Security (TOPS), 2018 - dl.acm.org
Managing passwords is a difficult task for users, who must create, remember, and keep track
of large numbers of passwords. In this work, we investigated users' coping strategies for …

The cyber security body of knowledge

D Basin - University of Bristol, ch. Formal Methods for, 2021 - cybok.org
The CyBOK project would like to understand how the CyBOK is being used and its uptake.
The project would like organisations using, or intending to use, CyBOK for the purposes of …

On the economics of offline password cracking

J Blocki, B Harsha, S Zhou - 2018 IEEE Symposium on Security …, 2018 - ieeexplore.ieee.org
We develop an economic model of an offline password cracker which allows us to make
quantitative predictions about the fraction of accounts that a rational password attacker …

"They brought in the horrible key ring thing!" Analysing the Usability of Two-Factor Authentication in UK Online Banking

K Krol, E Philippou, E De Cristofaro… - arXiv preprint arXiv …, 2015 - arxiv.org
To prevent password breaches and guessing attacks, banks increasingly turn to two-factor
authentication (2FA), requiring users to present at least one more factor, such as a one-time …

“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company

FM Farke, L Lorenz, T Schnitzler, P Markert… - … Symposium on Usable …, 2020 - usenix.org
The goal of the FIDO2 project is to provide secure and usable alternatives to password-
based authentication on the Web. It relies on public-key credentials, which a user can …

Of two minds about Two-Factor: Understanding everyday FIDO U2F usability through device comparison and experience sampling

S Ciolino, S Parkin, P Dunphy - … on Usable Privacy and Security (SOUPS …, 2019 - usenix.org
Security keys are phishing-resistant two-factor authentication (2FA) tokens based upon the
FIDO Universal 2nd Factor (U2F) standard. Prior research on security keys has revealed …

Scaring and bullying people into security won't work

A Sasse - IEEE Security & Privacy, 2015 - ieeexplore.ieee.org
Users will pay attention to reliable and credible indicators of risks they want to avoid.
Security mechanisms with a high false positive rate undermine the credibility of security and …

How to hack the hackers: The human side of cybercrime

MM Waldrop - Nature, 2016 - go.gale.com
Sasse is talking about ransomware: an extortion scheme in which hackers encrypt the data
on a user's computer, then demand money for the digital key to unlock them. Victims get …

“Taking out the trash”: Why security behavior change requires intentional forgetting

J Hielscher, A Kluge, U Menges… - Proceedings of the 2021 …, 2021 - dl.acm.org
Security awareness is big business–virtually every organization in the Western world
provides some form of awareness or training, mostly bought from external vendors …

A study of authentication in daily life

S Mare, M Baker, J Gummeson - … on usable privacy and security (SOUPS …, 2016 - usenix.org
We report on a wearable digital diary study of 26 participants that explores people's daily
authentication behavior across a wide range of targets (phones, PCs, websites, doors, cars …