
Survey analysis

The survey conducted with the questionnaire described in the previous blog post (Smut, 2021) has reached 11 responses.

Forms response chart: What is your gender? (11 responses)

Forms response chart: What is your age? (11 responses)

Forms response chart: What course are you going to study at DMU? (11 responses)

It provides essential information for my current research in the field of password security. This post presents the information gathered about the strength of passwords, how often users reuse the same passwords on different services, and the use of third-party services for auto-filling password forms. All of the people who took part in the survey are either professionals in the field of computing or students who plan to work in computing, as can be seen from the diagrams above. Most of the participants are male, since the survey was shared with computing groups at DMUIC, which usually consist mostly of males.


The diagram about the length of passwords:

The diagram above shows that most people have passwords less than or equal to 14 characters long. A minority of people have passwords less than or equal to 8 characters long. The most essential discovery is that none of those who took part in the survey uses a password longer than 14 characters. According to the information presented in my Major Project Theme blog post, most of the rainbow tables found on the Internet can be used against passwords with a length of less than 14 characters. Therefore, the passwords of all the people who took part in the survey may be weak against rainbow table attacks.


The diagram about passwords’ complexity:


The diagram above shows data about the strength of the passwords people use. According to this diagram, most people have considerably strong passwords that are hard to crack with a brute-force attack, since passwords using lowercase and uppercase characters with numbers and symbols are 2183401 times harder to crack than average lowercase passwords with a length of 8, as shown in my Major Project theme post. Such results may be connected with the fact that all of the participants are studying or working in the computing area, which may affect the complexity of their passwords, since these people are better acquainted with the problems of passwords.


Diagrams about password managers:


As shown above, the majority of people use password managers to auto-fill password forms on different services. Those who do not use password managers give different reasons for that decision. The answers show that most of the people who do not use password managers are less concerned about the security of passwords than about technical problems that may appear with a password manager, such as major updates, and about the fact that a password manager ties the user to the one device where it is installed.

 

The diagram about manual changing of passwords:


The diagram above shows that the majority of participants change their passwords only when it is necessary or when the previous password is forgotten. One of the reasons for this statistic may be the fact that the majority of people use password managers. Using a password manager makes changing passwords on different services more complicated, since it requires the user to change the password in the manager itself as well as on the particular service. This may be an interesting observation that deserves future development and research.


To conclude, the information gathered shows that even computing students and professionals may not take passwords seriously and may suffer from a lack of password hygiene. This consideration may be supported by the answers to the question below.

The diagram shows that the majority of participants have never had their accounts stolen. Therefore, it may be possible that a lack of password hygiene, such as not changing passwords or having short passwords, is connected with the absence of personal experience of password cracking attacks.

 

The data gathered may be used to educate people in password security. It can be used to demonstrate that password security is made up of three factors, and that possessing only some of them does not guarantee that a password is secure:


(Author's work)



Moreover, the data gathered shows us the weakest points of users' passwords and makes it possible to emphasize particular aspects of password security in order to educate people more efficiently. For example, it could be effective to pay more attention to password length, since it is the weakest point identified in the participants' passwords.

 

Reference:

Smut, I. (2021) Questionnaire for initial research. Google Blogger. Available from: https://ilya-smut.blogspot.com/2021/11/questionnaire-for-initial-research.html [Accessed November 27, 2021].



Comments

  1. Some good analysis here - to improve, perhaps think about if there are any questions you now think might have been included, or how you could use this data to educate people in password strength and account security.
