• Journal of National Security and Military Science
• /
• s.8
• /
• pp.421-465
• /
• 2010

Passwords are used in many ways to protect data, systems, and networks. Passwords are also used to protect files and other stored information. In addition, passwords are often used in less visible ways for authentication. In this article, We provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users - and no unauthorized users - can use passwords successfully as needed. Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Ensuring the confidentiality of passwords is considerably more challenging and involves a number of security controls along with decisions involving the characteristics of the passwords themselves.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 1999.11a
• /
• pp.287-293
• /
• 1999

The first stage for computer security is password. If security of password is impotent even constructing of perfect fire-wall, fire-wall is not anything but a good-for-nothing. Because management of password is depend upon an end-user rather than a system-manager, carelessness of password management is an inevitable result. It is a reason that an end-user is actually not able to manage a high-difficulty-password. In this paper, algorithm of password is improved to be difficult of hacking, having a existing password input pattern for an end-user.

• Information Systems Review
• /
• v.3 no.1
• /
• pp.143-157
• /
• 2001

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.150-153
• /
• 2013

By the development of IT, most business has been processed on the IT solution-based servers has increased Therefore, the importance of security of the server is highlighted. And the need for password management server efficient and safe is raised. There is a need to change at least 8 characters to mix the numbers and letters and password change passwords on a regular basis, you need a password for each system account is set in a different way, but the continuation of the system there is a tendency to password problems occur problems caused by the limits of the introduction of human resources and introduction basis occurs. The password management feature, though it is expensive is partially providing integrated access control solutions at home and abroad, there is a drawback that stresses the traffic on the server. Future, we conducted a study of password management solutions for the server of the server is determined IT transformation trend of non-IT field to accelerate, is continuously increasing it accordingly.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• Asia pacific journal of information systems
• /
• v.33 no.3
• /
• pp.603-623
• /
• 2023

While prior work has conducted individuals' password security behavior, there is a relatively neglect to examine individuals' affect and feelings of password fatigue in password change context. Therefore, this study explicated individuals' affective response to the feelings of password fatigue by drawing on several theoretical lens. Survey data collected from 267 users were used to test the model using partial least square analysis. This study found that feelings of password fatigue positively affected the negative password fatigue-induced affect, and also both the feelings of password fatigue and the negative password fatigue-induced affect were negatively related to attitude toward changing passwords, which in turn, leads to the intention to change passwords. Furthermore, this study found that shadow work recognition negatively moderated the relationship between attitude and behavioral intention. This study could offer a new theoretical perspective to understand an individual's security behavior and provide empirical evidences for practitioners in charge of IT security in organizations.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.9
• /
• pp.1173-1178
• /
• 2019

In this paper, we design a security management application module for an Excel VBA password file. You will set a password for the important VBA program file. If this password is lost, you set a new password. If you forgot the password after setting the password in the Excel VBA file, you will not be able to change the VBA source code. In this paper, we design a function to modify VBA file passwords conveniently. The VBA password modification module extracts VBA files from Excel files. The password can be modified by modifying specific field information in the extracted VBA program file. This allows you to modify the password for the VBA program file. The experiments were performed by implementing the contents proposed in this paper. As a result of the experiment, we can confirm that the password can be used by modifying the VBA file password.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.4
• /
• pp.125-134
• /
• 2018

Lamport firstly suggested password base authentication scheme and then, similar authentication schemes have been studied. Due to the development of Internet network technology, remote user authentication using smart card has been studied. Li et al. analyzed authentication scheme of Chen et al. and then, Li et al. found out the security weakness of Chen et al.'s scheme such forward secrecy and the wrong password login problem, and proposed an a new smart card based user password authentication scheme. But Liu et al. found out that Li et al.'s scheme still had security problems such an insider attack and man-in-the-middle attack and then Liu et al. proposed an efficient and secure smart card based password authentication scheme. This paper analyzed Liu et al.'s authentication and found out that Liu et al.'s authentication has security weakness such as no perfect forward secrecy, off-line password guessing attack, smart-card loss attack, and no anonymity. And then, this paper proposed security enhanced efficient smart card based password authentication scheme using fuzzy extraction technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1251-1258
• /
• 2016

Recently, leaks of the personal information of Internet users have been occurring too frequently. Generally, Internet users have email accounts. The use of email as a communications tool in the private and public sectors has increased. Therefore, in email usage, password management to ensure a more secure email service is most important. In this study, we conducted an online survey of email users and analyzed their responses by using structural equation modeling software to find the psychological and behavioral characteristics of their password management. The results of this study provide useful suggestions on information security strategies related to email password management at both the enterprise and individual levels.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.961-972
• /
• 2016

For securing password-based authentication, a user must select and manage a strong password that has sufficient length and randomness. Unfortunately, however, it is known that many users are likely to choose easy-to-remember weak passwords and very poorly manage them. In this paper, we study a domestic user case of password selection and management. We conducted a survey on 327 domestic users and analyzed their tendency on password creation and update strategies, and also on the password structure and account management. We then analyzed an effect of a server's password creation rule on a structure of a user-chosen password. Our findings include that there are password structures and special characters that users significantly prefer while the effect of server's password creation rule is insignificant.