Perceived risk in online services and its effect on password strength

Brende, Håkon Orvik; Månsson, Ole-Martin

Brende, Håkon Orvik; Månsson, Ole-Martin

Master thesis

View/Open

no.uia:inspera:110849353:9997046.pdf (1.767Mb)

URI

https://hdl.handle.net/11250/3019808

Date

2022

Metadata

Show full item record

Collections

Master's theses in Cyber Security [64]

Abstract

Passwords are the most used method for authentication in online platforms. At the same time, password management continues to be one of the biggest security risks for individual users. This is due to both inadequate password behavior of most users, especially related to password strength which depends on the parameters assigned by the user in most cases. Two of the most prevalent behaviors that can expose users to danger are password reuse and weak password strength.

Our thesis focuses on the problem of weak password strength usage. Therefore, we seek to answer the following research problem: “Does the perception of risk associated with different online services influence password strength and is this universally applied?”. We conducted the research study on Norwegian students from the University of Agder. To answer our question, we followed a quantitative methodology in form of an online distributed survey. The study was based on findings from a literature review which helped us get an understanding of different factors affecting users’ password behavior, risk perception, knowledge, and the state of password strength. The survey received 99 respondents of which 70 were eligible for further analysis. The analyses of the data were conducted using Excel. We present our findings in figures, tables, and descriptive analysis. Our results show that using different password strengths for different online services is common among users. In addition, there are no significant changes in password strength between the services when analyzing behaviors of individual users. Moreover, the perceived risk of user accounts being attempted compromised, and the consequences of compromise in services have low correlation with password strength, with a few exceptions for some services. Two of these exceptions being porn, and news. Furthermore, we discuss our findings in detail by looking at outliers and trends in the data, and some commonalities between the services that follow a similar pattern in our findings. We concluded that password strength differs among online services, and that certain online services are more likely to have weaker passwords than others.

Publisher

University of Agder