A model for secure and usable passphrases for multilingual users
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
- Date Issued: 2019
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
- Date Issued: 2019
A model for attaining extended e-commerce adoption and use by hospitality smmes in the Eastern Cape Province
- Authors: Maoneke, Pardon Blessings
- Date: 2014
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11147 , http://hdl.handle.net/10353/d1017897
- Description: There is a slow adoption and use of electronic commerce or e-Commerce by Small, Medium and Micro-sized Enterprises based in the hospitality sector (hospitality SMMEs). Only a few hospitality SMMEs that have adopted e-Commerce show the migration of value adding activities to their e-Commerce platforms. As such, this study developed and proposed a model that shows how hospitality SMMEs in the Eastern Cape Province can attain extended e-Commerce adoption and use. Extended e-Commerce platforms are characterised by the institutionalization of e-Commerce that includes Search Engine Marketing activities and/or listing services on intermediary websites, and engaging through social media websites. Tourism and hospitality customers’ information needs and buying behaviour were used to guide the requirements of extended e-Commerce platforms for hospitality businesses. The proposed model outlined factors determining extended e-Commerce adoption, extended e-Commerce characteristics and the anticipated e-Commerce adoption outcomes. The model was evaluated in the Eastern Cape using a multiple-case study methodology. The study’s use of a multiple-case study was applied within the interpretivist paradigm and four cases were considered. Triangulation through document analysis, interviews and observation was used for collecting data regarding factors determining the transition to extended e-Commerce adoption. A questionnaire was used for evaluating extended e-Commerce use. Within and cross-case analysis with the aid of coding was used for data analysis. Data collection and analysis validated the proposed model as a model that shows how hospitality SMMEs can attain extended e-Commerce adoption and use. The proposed model concedes that, successful adoption and use of e-Commerce by hospitality SMMEs would result in e-Commerce adoption outcomes namely online sales, reservations and customer service. These e-Commerce adoption outcomes are the criteria against which the level of extended e-Commerce adoption is measured.
- Full Text:
- Date Issued: 2014
- Authors: Maoneke, Pardon Blessings
- Date: 2014
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11147 , http://hdl.handle.net/10353/d1017897
- Description: There is a slow adoption and use of electronic commerce or e-Commerce by Small, Medium and Micro-sized Enterprises based in the hospitality sector (hospitality SMMEs). Only a few hospitality SMMEs that have adopted e-Commerce show the migration of value adding activities to their e-Commerce platforms. As such, this study developed and proposed a model that shows how hospitality SMMEs in the Eastern Cape Province can attain extended e-Commerce adoption and use. Extended e-Commerce platforms are characterised by the institutionalization of e-Commerce that includes Search Engine Marketing activities and/or listing services on intermediary websites, and engaging through social media websites. Tourism and hospitality customers’ information needs and buying behaviour were used to guide the requirements of extended e-Commerce platforms for hospitality businesses. The proposed model outlined factors determining extended e-Commerce adoption, extended e-Commerce characteristics and the anticipated e-Commerce adoption outcomes. The model was evaluated in the Eastern Cape using a multiple-case study methodology. The study’s use of a multiple-case study was applied within the interpretivist paradigm and four cases were considered. Triangulation through document analysis, interviews and observation was used for collecting data regarding factors determining the transition to extended e-Commerce adoption. A questionnaire was used for evaluating extended e-Commerce use. Within and cross-case analysis with the aid of coding was used for data analysis. Data collection and analysis validated the proposed model as a model that shows how hospitality SMMEs can attain extended e-Commerce adoption and use. The proposed model concedes that, successful adoption and use of e-Commerce by hospitality SMMEs would result in e-Commerce adoption outcomes namely online sales, reservations and customer service. These e-Commerce adoption outcomes are the criteria against which the level of extended e-Commerce adoption is measured.
- Full Text:
- Date Issued: 2014
- «
- ‹
- 1
- ›
- »