
Beyond Passwords: Enforcing Username Security as the First Line of Defense

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 960)

Abstract

Combinations of account identifier (e.g., username) and key phrase (i.e., password) are among the most utilized forms of credentials for several types of authentication purposes, such as user verification, connection to public and private networks, and access to digital resources. Typically, usernames are considered a method of account or user identification, whereas passwords are regarded as the crucial component that protects from attackers and prevents breaches. As a result, the level of security of a set of digital credentials is primarily associated with the strength of the key phrase, and most of the attention has focused on promoting initiatives for increasing password security. Unfortunately, account identifiers have received less consideration. Consequently, users are aware of how to enforce the security of their password, though they might prefer more convenient options. Contrarily, several bad practices are caused by overlooking usernames as the first line of defense. In this paper, we highlight the increasing importance of account names and we overview the main username practices that impact account security. Furthermore, we present the results of a study that evaluated how human factors and individuals’ awareness impact username security.




Corresponding author

Correspondence to Nicholas Caporusso.


Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Fandakly, T., Caporusso, N. (2020). Beyond Passwords: Enforcing Username Security as the First Line of Defense. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_5


  • DOI: https://doi.org/10.1007/978-3-030-20488-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20487-7

  • Online ISBN: 978-3-030-20488-4

  • eBook Packages: Engineering, Engineering (R0)
