A model for secure and usable passphrases for multilingual users
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. 
This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English-oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an Indo-European language were more easily guessed than African language-oriented short passwords.
As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Date Issued: 2019
Model for IT governance to improve information technology alignment of multi-campuses in South African institutions of higher learning
- Authors: Ngqondi, Tembisa Grace
- Date: 2014
- Subjects: IT Governance , Institution of higher learning , Strategic alignment
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: vital:11143 , http://hdl.handle.net/10353/d1015277
- Description: Information Technology (IT) has emerged as an important issue for the public and private sectors. It has been initially identified as a vehicle in supporting business processes by speeding up the process of decision making and easy access of information as required for the competitive advantage of businesses. Organisations regarded IT as an enabler of their business processes. As IT has grown, its shape and definition have drastically changed from being an enabler of the business processes to become a central and strategic concern within the organisation that drives the business processes. The new IT landscape has made organisations completely dependent on IT for their decision making and effective functioning. The dependence on IT has created a need for unified and effective structures, standards and best practices that ensure the effective execution of business processes using IT. The establishment of IT Governance for institutions of higher learning has created the dual challenges of how IT Governance can work within the culture of inclusiveness and shared decision making while better aligning existing IT structures. These dual challenges vary from one university to another based on the culture of the specific university. This study therefore suggests possible ways that IT Governance can shape an institution of higher learning by strategically aligning the institution’s IT strategy with the overall university strategy through the development of an IT Governance Model. To come up with the said proposed model, qualitative research techniques such as document analysis, observations, interviews, a questionnaire and briefing sessions were used during the research process. The comparative analysis of the case studied was used to identify different IT Governance models adopted by other universities. Literature was reviewed to establish the emerging IT Governance practices established and implemented by different authors.
The result from this study is that an IT Governance model specific to WSU has been developed. This model can be used as a guiding tool in establishing new IT Governance structures and also to modify and improve the existing IT Governance structure of different institutions of higher learning. This model can further be used to guide the development of the institution IT Governance implementation architecture framework.
- Date Issued: 2014
The establishment of a mobile phone information security culture: linking student awareness and behavioural intent
- Authors: Bukelwa, Ngoqo
- Date: 2014
- Subjects: Information security awareness -- Mobile phone security , Information safety
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/657 , vital:26485
- Description: The information security behaviour of technology users has become an increasingly popular research area as security experts have come to recognise that while securing technology by means of firewalls, passwords and offsite backups is important, such security may be rendered ineffective if the technology users themselves are not information security conscious. The mobile phone has become a necessity for many students but, at the same time, it exposes them to security threats that may result in a loss of information. Students in developing countries are at a disadvantage because they have limited access to information relating to information security threats, unlike their counterparts in more developed societies who can readily access this information from sources like the Internet. The developmental environment is plagued with challenges like access to the Internet or limited access to computers. The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context as most undergraduate students are offered a computer-related course which covers certain information security-related principles. During the restructuring of the South African higher education system, smaller universities and technikons (polytechnics) were merged to form comprehensive universities. Thus, the resultant South African university landscape is made up of traditional and comprehensive universities as well as universities of technology. Ordinarily, one would expect university students to have similar profiles. However, in the case of this study, the environment was a unique factor which had a direct impact on students’ learning experiences and learning outcomes.
Mbeki (2004) refers to two economies within South Africa: the first one is financially sound and globally integrated, and the other, found in urban and rural areas, consists of unemployed and unemployable people who do not benefit from progress in the first economy. Action research was the methodological approach which was chosen for the purposes of this study to collect the requisite data among a population of university students from the ‘second economy’. The study focuses on the relationship between awareness and behavioural intention in understanding mobile phone user information security behaviour. The study concludes by proposing a behaviour profile forecasting framework based on predefined security behavioural profiles. A key finding of this study is that the security behaviour exhibited by mobile phone users is influenced by a combination of information security awareness and information security behavioural intention, and not just information security awareness.
- Date Issued: 2014
Absorptive capacity and information technology adoption strategies in Kenyan SMEs
- Authors: Ndiege, Joshua Rumo Arongo
- Date: 2013
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: vital:11140 , http://hdl.handle.net/10353/d1014672
- Description: Although Small and Medium Enterprises (SMEs), arguably, make up a significant part of economic development in many countries, these enterprises have continued to face challenges especially in developing countries like Kenya. With Information Technology (IT) being considered a critical component of the survival of SMEs, many are striving to invest in it. However, a number of these SMEs are still far from realising the full potential of their IT investments. In today's challenging and dynamic business environment, SMEs need to leverage both internal and external knowledge, exploit it to help improve and maintain their competitiveness, and consequently, their survival. This study has endeavoured to address the IT adoption strategy challenges experienced by SMEs in Kenya and other developing countries, as these have been largely flawed. The study has explored the way in which these enterprises can build strong Absorptive Capacities (AC) and exploit these to improve their IT adoption processes through a model of AC. To achieve this, a qualitative, interpretive case study research approach was employed in this study. The findings of this study suggest that although AC plays a critical role in the performance of SMEs in Kenya, many of these enterprises have low levels of AC. It also became clear that all the SMEs that participated in the study had not attained maturity in their IT adoption process. However, SMEs that exhibited strong AC employed the use of more superior IT adoption processes than did their counterparts with low levels of AC. From the results of this study an IT Adoption Strategy Improvement Model (ITASIM) has been developed to help SMEs improve their IT adoption strategies. The model focuses on improving SMEs' AC and injecting these alongside the elements of a good strategy in the SMEs' IT adoption process. Furthermore, in order to help in the effective implementation of ITASIM, implementation guidelines have been developed.
- Date Issued: 2013