Omar Saad Almousa, Jordan University of Science and Technology, Jordan

Passwords are ubiquitous and this will continue for long. Strong passwords are a necessity to protect sensitive information. However, users not only tend to pick weak passwords, but also reuse them over several authentication systems. The existence of weak passwords in a system not only jeopardize that system, but also other systems with overlapping users because of password reuse phenomena. Investigating users’ behaviour in password creation leads to finding ways to avoid weak passwords. One aspect of that is to study the very passwords. In this study we analyse 662 passwords created by fresh students in our faculty. The students picked their passwords to authenticate themselves to a platform for programming practice and assignment solving. Our analysis relied on basic structural parameters such as password length, constructing characters, and entropy. To that end, we coined two definitions for weak and strong passwords. One is alphabet-based, and the other is entropy based. Accordingly, we found that majority of students do not tend to create strong passwords. We believe that this is due to the lack of enforcement of a strong password policy.

Passwords, analysis, weak password, strong password