Ives, B., Walsh, K. R., & Schneider, H. (2004). The domino effect of password reuse. Communications Of The ACM, 47(4), 75-78. doi:10.1145/975817.975820
This is a brief cautionary article on the dangers of reusing a password across multiple applications. The authors give several examples of security breaches, but do not do a good job of illustrating that those security breaches were the direct or indirect result of a password re-use. Indeed, some of the incidents were a clear case of passwords being stolen and then used. While these incidents are definitely a password security issue, they do not indicate that password reuse is a concern. From there the authors examine the current state of password usage and make strong recommendations …show more content…
The protocol uses public parameters the researchers state have the advantages of no trapdoor information associated with them, avoids transmitting certificates, and are accessible by any client and server making them very useful. The authors then launch into a very detailed mathematical proof of their theorem. Since a large portion of this article is dedicated to the proof of their theorem, the article can be somewhat difficult to follow. However, there is still some value to be had by the novice in their introductory explanation of how security systems are breached. Their conclusion that an attack can eventually compromise any security measure relying only on a password is especially profound and unsettling. Also, their contribution of trying to clarify the term forward secrecy is interesting. Protocols that ensure forward secrecy can maintain the security of password and login combination even if another combination of password and login are known. This deep dive look into the internal workings of security protocol construction makes this article, at least, worth perusing. Additionally, understanding that ultimately no system is completely secure is an essential first step in creating a management system. Users need to understand they can never be completely secure, but a system should exist where they are relatively secure and yet able to manage that security …show more content…
Ten different studies and personality scales were examined and used to create a 180 item questionnaire for the participants in an effort to assess neuroticism, conscientiousness, and extraversion. From there, the authors synthesized their findings in an attempt to quantify impulsiveness into four facets. The facets were urgency, lack of premeditation, sensation seeking, and lack of perseverance. This is a dense article, especially if one has little or no training in psychology. It is very technically oriented and goes into great depth and detail. While it may be difficult to appreciate how this study relates to passwords and their usages, we should never forget that a big piece of the password puzzle is the user. This study goes to great lengths demonstrating that even experts in the field of psychology have difficulty agreeing on how to classify human behavior and even greater difficulty explaining it. Therefore, it should come as no surprise the issue of passwords goes beyond simply what can be programmed into a computer. While this article may not have much practical take away for the information systems researcher, helping us to understand the wide expanse and complexity of the human mind is certainly worth the time to peruse this article. Clearly if the password dilemma is to be solved, we must understand
This is a brief cautionary article on the dangers of reusing a password across multiple applications. The authors give several examples of security breaches, but do not do a good job of illustrating that those security breaches were the direct or indirect result of a password re-use. Indeed, some of the incidents were a clear case of passwords being stolen and then used. While these incidents are definitely a password security issue, they do not indicate that password reuse is a concern. From there the authors examine the current state of password usage and make strong recommendations …show more content…
The protocol uses public parameters the researchers state have the advantages of no trapdoor information associated with them, avoids transmitting certificates, and are accessible by any client and server making them very useful. The authors then launch into a very detailed mathematical proof of their theorem. Since a large portion of this article is dedicated to the proof of their theorem, the article can be somewhat difficult to follow. However, there is still some value to be had by the novice in their introductory explanation of how security systems are breached. Their conclusion that an attack can eventually compromise any security measure relying only on a password is especially profound and unsettling. Also, their contribution of trying to clarify the term forward secrecy is interesting. Protocols that ensure forward secrecy can maintain the security of password and login combination even if another combination of password and login are known. This deep dive look into the internal workings of security protocol construction makes this article, at least, worth perusing. Additionally, understanding that ultimately no system is completely secure is an essential first step in creating a management system. Users need to understand they can never be completely secure, but a system should exist where they are relatively secure and yet able to manage that security …show more content…
Ten different studies and personality scales were examined and used to create a 180 item questionnaire for the participants in an effort to assess neuroticism, conscientiousness, and extraversion. From there, the authors synthesized their findings in an attempt to quantify impulsiveness into four facets. The facets were urgency, lack of premeditation, sensation seeking, and lack of perseverance. This is a dense article, especially if one has little or no training in psychology. It is very technically oriented and goes into great depth and detail. While it may be difficult to appreciate how this study relates to passwords and their usages, we should never forget that a big piece of the password puzzle is the user. This study goes to great lengths demonstrating that even experts in the field of psychology have difficulty agreeing on how to classify human behavior and even greater difficulty explaining it. Therefore, it should come as no surprise the issue of passwords goes beyond simply what can be programmed into a computer. While this article may not have much practical take away for the information systems researcher, helping us to understand the wide expanse and complexity of the human mind is certainly worth the time to peruse this article. Clearly if the password dilemma is to be solved, we must understand