A model for secure and usable passphrases for multilingual users
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
Financial literacy training in the small, medium and microenterprises sector : effect on business growth in the Eastern Cape, South Africa
- Authors: Akpan, Iniobong Wilson
- Date: 2016
- Subjects: Economics Small business Business enterprises -- Finance
- Language: English
- Type: Thesis , Doctoral , DCom
- Identifier: http://hdl.handle.net/10353/13608 , vital:39684
- Description: The centrality of financial literacy to business performance is increasingly becoming established in the literature, with several studies attributing business failures, especially in the small, medium and microenterprises (SMME) sector, to the failure of entrepreneurs to acquire needed levels of formal financial training. This emphasis represents a paradigm shift: small business failures were conventionally blamed on lack of access to capital, infrastructural deficits, lack of markets for SMME goods and services, regulatory constraints, and crime. In South Africa, and elsewhere in the developing world, this new orthodoxy has spurned new policy interventions aimed at improving the financial literacy levels in the SMME sector. Such is the drive to entrench formal literacy provisioning in the SMME sector that some microcredit providers now bundle financial management training into their SMME loan packages. However, there is a dearth of empirical studies that demonstrate, in any conclusive way, the effect of financial literacy training on small business growth and sustainability. The question, therefore, about whether formal financial literacy training actually leads to significant improvements in turnover levels and growth appears to be answered more as advocacy rather than on the basis of empirical evidence. It is against the backdrop of these arguments that the thesis adopted a quasi experimental design to study the business performance of a sample of SMME entrepreneurs who had received financial literacy training (the “treatment group”) at least two years before the study’s commencement and those who had had no financial literacy training at all (the “control group”). The objective was to determine whether any differences in business growth could be attributed to exposure to formal financial management training or the lack thereof. A survey was conducted with 40 respondents from each of the two groups (n = 80). The survey was triangulated with in-depth interviews of a randomly selected sample 10 of SMME operators from each of the two groups. The interviews sought to uncover the entrepreneurs’ narratives regarding the sources and salience of financial literacy in the sector. The study was conducted among SMME operators in Port Elizabeth, East London and Mthatha – the Eastern Cape’s major centres of commerce and industry. Data estimation was conducted using the Difference In Difference (DID) estimation model to determine whether financial literacy training has had any effect on the turnover of training recipients’ businesses (the treatment group) over that of non-training recipients (the control group). Also, the DID coefficient was used as a growth rate indicator to determine whether growth has occurred in training recipients’ businesses over non-training recipients businesses as a result of having received financial literacy training. The Propensity Score Matching (PSM) was used to estimate the average treatment effect (ATE) and the average treatment effect on the treated (ATET). Quantile DID correlations with covariates were also run to reveal the relationship between turnover (a growth variable) and the covariates as possible influencers of firm performance. The key findings of the study were that based on the specific financial variables tested, some basic financial management knowledge existed among members of the two groups of SMME operators, but there was very minimal application of the knowledge in the day-to-day running of the business. Operators utilise both formal financial literacy training and informal knowledge sources in the operation of their businesses. The study also found that in comparison, the difference in turnover between the treatment and control group at follow-up period was significant at a P value of 0.000. This gave rise to an overall DID P value of 0.000 in the estimation. However, the significance was in favour of control group businesses as the business of respondents in the “control group” (with no financial literacy training) performed better than that of respondents in the “treatment group” (who had received financial literacy training). Finally, the study found that financial literacy training had no effect on the growth of businesses in the short term as the growth rate of turnover of the treatment group was lower than that of the control group and the difference between the two rates was significant at a P value of 0.025. Also, compared to itself, the change in turnover levels of the treatment group was not significant in the pre- and post-training periods as revealed by the PSM ATET estimation result. Minimal changes in turnover of the treatment group was not significant at a P value of 0.124. The study concludes from these findings that while financial literacy remains a salient factor in business, scholarship about the real significance of financial literacy training on small business performance in the short term stands on a relatively shaky empirical foundation, especially when viewed against the background that many SMME entrepreneurs also rely on informal knowledge sources to make everyday business decisions. The study thus highlights the imperative of ensuring that knowledge-related interventions in the SMME sector draws on both formal and informal sources of knowledge.
- Full Text:
- Authors: Akpan, Iniobong Wilson
- Date: 2016
- Subjects: Economics Small business Business enterprises -- Finance
- Language: English
- Type: Thesis , Doctoral , DCom
- Identifier: http://hdl.handle.net/10353/13608 , vital:39684
- Description: The centrality of financial literacy to business performance is increasingly becoming established in the literature, with several studies attributing business failures, especially in the small, medium and microenterprises (SMME) sector, to the failure of entrepreneurs to acquire needed levels of formal financial training. This emphasis represents a paradigm shift: small business failures were conventionally blamed on lack of access to capital, infrastructural deficits, lack of markets for SMME goods and services, regulatory constraints, and crime. In South Africa, and elsewhere in the developing world, this new orthodoxy has spurned new policy interventions aimed at improving the financial literacy levels in the SMME sector. Such is the drive to entrench formal literacy provisioning in the SMME sector that some microcredit providers now bundle financial management training into their SMME loan packages. However, there is a dearth of empirical studies that demonstrate, in any conclusive way, the effect of financial literacy training on small business growth and sustainability. The question, therefore, about whether formal financial literacy training actually leads to significant improvements in turnover levels and growth appears to be answered more as advocacy rather than on the basis of empirical evidence. It is against the backdrop of these arguments that the thesis adopted a quasi experimental design to study the business performance of a sample of SMME entrepreneurs who had received financial literacy training (the “treatment group”) at least two years before the study’s commencement and those who had had no financial literacy training at all (the “control group”). The objective was to determine whether any differences in business growth could be attributed to exposure to formal financial management training or the lack thereof. A survey was conducted with 40 respondents from each of the two groups (n = 80). The survey was triangulated with in-depth interviews of a randomly selected sample 10 of SMME operators from each of the two groups. The interviews sought to uncover the entrepreneurs’ narratives regarding the sources and salience of financial literacy in the sector. The study was conducted among SMME operators in Port Elizabeth, East London and Mthatha – the Eastern Cape’s major centres of commerce and industry. Data estimation was conducted using the Difference In Difference (DID) estimation model to determine whether financial literacy training has had any effect on the turnover of training recipients’ businesses (the treatment group) over that of non-training recipients (the control group). Also, the DID coefficient was used as a growth rate indicator to determine whether growth has occurred in training recipients’ businesses over non-training recipients businesses as a result of having received financial literacy training. The Propensity Score Matching (PSM) was used to estimate the average treatment effect (ATE) and the average treatment effect on the treated (ATET). Quantile DID correlations with covariates were also run to reveal the relationship between turnover (a growth variable) and the covariates as possible influencers of firm performance. The key findings of the study were that based on the specific financial variables tested, some basic financial management knowledge existed among members of the two groups of SMME operators, but there was very minimal application of the knowledge in the day-to-day running of the business. Operators utilise both formal financial literacy training and informal knowledge sources in the operation of their businesses. The study also found that in comparison, the difference in turnover between the treatment and control group at follow-up period was significant at a P value of 0.000. This gave rise to an overall DID P value of 0.000 in the estimation. However, the significance was in favour of control group businesses as the business of respondents in the “control group” (with no financial literacy training) performed better than that of respondents in the “treatment group” (who had received financial literacy training). Finally, the study found that financial literacy training had no effect on the growth of businesses in the short term as the growth rate of turnover of the treatment group was lower than that of the control group and the difference between the two rates was significant at a P value of 0.025. Also, compared to itself, the change in turnover levels of the treatment group was not significant in the pre- and post-training periods as revealed by the PSM ATET estimation result. Minimal changes in turnover of the treatment group was not significant at a P value of 0.124. The study concludes from these findings that while financial literacy remains a salient factor in business, scholarship about the real significance of financial literacy training on small business performance in the short term stands on a relatively shaky empirical foundation, especially when viewed against the background that many SMME entrepreneurs also rely on informal knowledge sources to make everyday business decisions. The study thus highlights the imperative of ensuring that knowledge-related interventions in the SMME sector draws on both formal and informal sources of knowledge.
- Full Text:
- «
- ‹
- 1
- ›
- »