Using gamification and fear appeal instead of password strength meters to increase password entropy

It is very common for users to create weak passwords. Currently, the majority of websites deploy password strength meters to provide timely feedback. These meters are in wide use and their effects on the security of passwords have been relatively well studied. In this paper another type of feedback is studied: a gamified approach supported by fear appeal. In this approach, users are encouraged to make passwords stronger through the use of visual and textual stories. This approach is supported by data-driven suggestions about how to improve password security as well as by fear appeal. To prove the effectiveness of this gamified password creation process, an experiment was performed in which users changed their passwords in two ways: without any feedback, and with gamified feedback with fear appeal. To support the initial findings, a questionnaire was completed by participants at the end of the research.

DOI: 10.2478/sjpna-2019-0010

Scientific Journal of Polish Naval Academy, 2019, vol. 217, No. 2, accepted to print


Attack on Students’ Passwords, Findings and Recommendations

Passwords are still the most widespread method of authentication. It is well known and very common for users to create weak passwords. We decided to check the strength of passwords of real systems by cracking MD5 hashes. The results have dismayed us given that 94,94% of passwords were cracked within just a few days. In order to understand the results of cracking better, we asked students about their password conventions, and the strength of selected passwords. We report herein on the most interesting findings as well as their recommendations.

DOI: 10.1007/978-3-030-19501-4_42
Engineering in Dependability of Computer Systems and Networks, pp 425-434, DepCoS-RELCOMEX 2019. Advances in Intelligent Systems and Computing, vol 987. Springer, Cham



Metody deanonimizacji użytkowników wybranych kryptowalut na przykładzie bitcoina

The aim of the article is to present methods that enable the deanonymization of cryptocurrency users, using the most popular of them, bitcoin, as an example. First, the basic concepts and the operating principle of this cryptocurrency are presented, followed by the authors' own systematization of transaction types, enriched with charts showing their quantitative occurrence in the blockchain. The main part of the work presents the heuristics used in deanonymizing users. Next, the focus is on practical guidance that facilitates implementing the discussed heuristics in a real deanonymization system. Real scenarios of heuristic use are also shown, enriched with comments resulting from the experience gained from expert opinions carried out by the authors. The last part indicates the legal conditions and existing tools that support deanonymization activities.


Deanonymization of bitcoin cryptocurrency users

The aim of this article is to show how one can deanonymize users of cryptocurrencies. To this end the most popular of the cryptocurrencies, i.e. bitcoin, is used as an example. At the beginning, the basic concepts about cryptocurrencies are presented. Afterwards, our approach to systematizing the types of transactions existing in the blockchain is proposed. This part is enriched with graphs showing their quantitative occurrence in the blockchain. The main part of this article presents the heuristics used to deanonymize users. A few practical pieces of advice for implementing the presented heuristics in a real deanonymizing system are included. Then real case studies are introduced. They are supported with comments based on the experience from court trials carried out by the authors. The final part contains legal regulations and existing tools supporting the deanonymizing process.


DOI: 10.5604/01.3001.0013.1466
GICID: 01.3001.0013.1466
Biuletyn WAT 2019; 68 (1): 51-77


Link: https://biuletynwat.pl/resources/html/article/details?id=188205