Introduction
The topic I am conducting my research paper on is on the theoretical level of difficulty that passwords are made with. It is believed that whether it be personal or professional, when a password is human made it will be challenging and keep whatever it is intended, private and secure. This topic is highly relevant and a top interest in the field of Cyber Security. Being that technology only continues to grow and hold onto more crucial information, humans use passwords everyday whether it be to their cell phone, laptop and even house or car for some people. The need for this theory to be talked about and examined is very high, hackers strike every 39 seconds in various ways but most of the time hackers get into someone’s profile or personal accounts due to a weak password (Cukier, M). There have been many reports, technical, and psychological on how passwords constructed by humans are more likely than not rather easy and unlockable. The purpose of my study is to look at a few theories of how humans construct passwords, theories on how hackers crack passwords, and what is the information hackers receive from doing so and what do they do with it. I plan to cover all aspects of human made passwords in general while focusing on the human made elements. What I have done in this paper is examine said theories and bring up a new theory by myself on what I believe is why human made passwords are not as strong as they should be. Some variables are what item was hacked, computer, phone etc. Was it password protected, and what was the information or thing the hacker wanted to get.
I will start off touching on a victim of a hacker. Hacked by Mat Honan gives the perspective of a victim of a hacking situation. Which is very rare to have someone who has been badly hacked write about their experience, especially in a technical way. Honan touched on why and how hackers take passwords and what they did to him. The author also goes over ways to prevent this from even happening. The Victim was senior editor Mat Honan of Wired Magazine , ironic enough a technology based one. He was hacked one day after work after he just arrived home, all of his devices had logged him out, phone, laptop and tablets. He got lots of alerts asking him to confirm and enter his password , pin but it was too late, the hacker had already changed it. The hacker actually reached out to him a few days later and talked to him about it. Honan said it was very weird and odd. Hacker said they hacked him for his twitter handle name, looked at his profiles linked to the twitter, which was google and the google was linked to his icloud which was linked to many of Honan’s other things. They decided to just hack everything after they found out who he was. Mat Honan has been a technical journalist for well over a decade at this point of his life and partially blames himself for not having better protection, but he also blamed Apple. He felt Apple should’ve had better security for its customers. The hackers stole all of his files from his computer whatever they may have been, and hacked into one of his banking accounts. Since then Mat Honan states he needs to take security more seriously, he will continue to embrace the internet and use two authentication passwords rather than one. After evaluating Mat Honan hacking situation it shows anyone can be hacked, and also could be a target for something as simple and small as a social media handle name. It set him back in his work and personal life, many things he was not able to recover. All of his passwords were human created, by him and they figured it out by looking into his personal life across multiple social accounts.
Social media contains more than necessary amounts of personal information. How come to sign up for an Instagram or Facebook we need more than just a password and username? Why must we add a phone number that could be tapped or tracked by a hacker, or an email address that we most likely use for other things and can link some serious accounts together. Just about every person is signed into some form of social media (Enea,B). More than 4 billion people use the internet, with social media users well over 3.8 billion users. Nearly 60 percent of the world’s population is in some form of social media account and that was in January 2020, the number will only grow and especially due to the nations pandemic right now, coronavirus, everyone is at home online (Kemp,S). With this many people online it is like target practice for hackers when selecting people. Everyone should take extra precaution when making online accounts with personal information. Facebook’s founder Mark Zuckerberg stated “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time” (Enea,B), and that statement was made ten years ago and it is still true and still evolving in todays world.
A study in 2012 by Euro RSCG Worldwide showed forty percent of Internet users between the ages of 18-35 have regretted posting personal information about themselves, and thirty five percent have regretted posting personal information about someone else. Fifty seven percent of 18-35-year-olds think people share too much about their personal thoughts and experiences, and nearly that many feel technology is robbing them of their privacy (Enea, B). This is crucial because it shows how people not only put their own personal life online and regret it but they at times also put out someone elses whether it be intentional or not it is still very dangerous.
A key factor of how college students more specifically, identity gets stolen are through passwords. If you are using a password to protect your personal identity make sure it isn’t the same as any other password you use. Using a password to protect personal identity is a very risky thing and should think long and hard about the unique password you will make. It is interesting how a lot of people don’t even know if and when they were hacked. Researchers used a series of interviews with six males and six females surveying college students. The study concluded that more likely than not students don’t even notice when their identity has been stolen while on college campus (Seda,L) , possibly due to the many distractions and daily activities college students have regularly.
Yazdi, a student at Florida State University broke down the process people go through when trying to fully crack open a password. Whether it be finding or learning information of the person or it is simply put through some software created to generate passwords with info given. Really goes over different algorithms and codes that work to generate acceptable passwords. Yazdi in conclusion he was working with software which had proven to crack sixty percent of passwords. And predicted that in future work the system can be adapted to identify passwords on cellphones and USB drives. Plus adding more filtering techniques can be developed to find passwords for targeted individuals. What to take from this is a good perspective on the people who crack passwords, and shows how when technology grows so does the bad things about it as well, such as better and more efficient password cracking software.
Yazdi’s report is not only very relevant but it also includes talking about the human memory system, and its forgetfulness. Also goes over new techniques found to create grammar that can incorporates information about a specific topic by giving higher probability values to components that carry information
Password protection has been the go to method of protecting something for the last thirty years and it will most likely never not be the go to method of protection (Li, Y). Li sees the only downside to be human memory limitations. Which I heavily disagree upon, passwords can and will be cracked by those who seek to get into them. Other than that one statement by Li I agree with what else he states in the paper. Also
Murphy, a worker for U.S. healthcare not only gives a great professional example, it is one that gives an insight other than single people or college students. It is our government, also shows how any one can be effected by passwords. Also the source goes over different kinds of passwords and goes over how they are formed and structured (Murphy,D). What is important to recall is that there are many types of passwords human make with letters, numbers, caps, special characters, no matter how it is made , or whether its to someones laptop or a major healthcare organization, if it is human made it can and has a good chance of being broken into.
Vawter went over some recent cases of breeches in personal and company data. It has visuals on amounts of some data breeches in some well known companies. Also touches on comparisons between other authentication methods besides passwords (Vawter,E). Even though the most used online method of protection are human made passwords we have seen some forms of technology take a different turn, whether it be facescan or thumbprint. There are loop holes around those as well as that is for anything but it would be harder to break into rather than a password. And even with cell phone facescan or thumbprint protected phones the device still requires the option of entering a password made by the owner.
In conclusion human made passwords are weak and not as strong as people presume them to be. Due to the growth of technology , not being as aware, or not as tech savvy as they think they are, human made passwords are the easiest form of password for a hacker to break into. What people should do to ensure they aren’t hacked is pretty simple. What you can do is change passwords if not weekly at least monthly, back up your important data on local and cloud files.
References
Cukier, M. (n.d.). Study: Hackers Attack Every 39 Seconds.
Kemp, S. (2020, February 4). Digital 2020: 3.8 billion people use social media.
Enea, B. (2016). The use of social media to gain access to secure accounts
Hennig, N. (2018). Chapter 2: Security. Library Technology Reports, 54(3), 8-21.
Honan, M. (2012). Hacked. Wired, 20(12), N/a.
Yazdi, S. H. (2015). Probabilistic context-free grammar based password cracking: Attack, defense and applications
Seda, L. (2014). Identity theft and university students: Do they know, do they care? Journal of Financial Crime, 21(4), 461-483.
Vawter, E. (2015). Personal online security. Online Searcher, 39(3), 38-43.
Murphy, D. S. (2018). Analysis of user response to complexity in password composition policies in U.S. healthcare organizations
Li, Y. (2019). On enhancing security of password-based authentication