Online Authentication Habits of Indian Users
- URL: http://arxiv.org/abs/2501.14330v1
- Date: Fri, 24 Jan 2025 08:45:53 GMT
- Title: Online Authentication Habits of Indian Users
- Authors: Pratyush Choudhary, Subhrajit Das, Mukul Paras Potta, Prasuj Das, Abhishek Bichhawat,
- Abstract summary: We conducted a survey with 90 participants residing in India to better understand the mindset of people on using password managers and two-factor authentication (2FA)
Our findings suggest that a majority of the participants have used 2FA and password managers in some form, although they are sometimes unaware of their formal names.
The primary motivation for using password managers is the convenience of auto-filling. However, some participants avoid using password managers due to a lack of trust in these tools.
- Score: 1.5354118838872373
- License:
- Abstract: Passwords have been long used as the primary authentication method for web services. Weak passwords used by the users have prompted the use of password management tools and two-factor authentication to ensure better account security. While prior studies have studied their adoption individually, none of these studies focuses particularly on the Indian setting, which is culturally and economically different from the countries in which these studies have been done in the past. To this end, we conducted a survey with 90 participants residing in India to better understand the mindset of people on using password managers and two-factor authentication (2FA). Our findings suggest that a majority of the participants have used 2FA and password managers in some form, although they are sometimes unaware of their formal names. While many participants used some form of 2FA across all their accounts, browser-integrated and device-default password managers are predominantly utilized for less sensitive platforms such as e-commerce and social media rather than for more critical accounts like banking. The primary motivation for using password managers is the convenience of auto-filling. However, some participants avoid using password managers due to a lack of trust in these tools. Notably, dedicated third-party applications show low adoption for both password manager and 2FA. Despite acknowledging the importance of secure password practices, many participants still reuse passwords across multiple accounts, prefer shorter passwords, and use commonly predictable password patterns. Overall, the study suggests that Indians are more inclined to choose default settings, underscoring the need for tailored strategies to improve user awareness and strengthen password security practices.
Related papers
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities.
This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users.
An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z) - A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices [2.8698289487200856]
We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges.
These challenges lead users to weaken their passwords to increase the ease of entry.
We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.
arXiv Detail & Related papers (2024-09-04T19:28:36Z) - Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords.
Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
arXiv Detail & Related papers (2024-05-24T07:51:15Z) - Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers [7.049738935364298]
Malicious client-side scripts and browser extensions can steal passwords after they have been autofilled by the manager into the web page.
This paper explores what role the password manager can take in preventing the theft of autofilled credentials without requiring a change to user behavior.
arXiv Detail & Related papers (2024-02-09T03:21:14Z) - Tales from the Git: Automating the detection of secrets on code and
assessing developers' passwords choices [8.086010366384247]
This is the first study investigating the developer traits in password selection across different programming languages and contexts.
Despite the fact that developers may have carelessly leaked their code on public repositories, our findings indicate that they tend to use significantly more secure passwords.
arXiv Detail & Related papers (2023-07-03T09:44:10Z) - PassGPT: Password Modeling and (Guided) Generation with Large Language
Models [59.11160990637616]
We present PassGPT, a large language model trained on password leaks for password generation.
We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
arXiv Detail & Related papers (2023-06-02T13:49:53Z) - RiDDLE: Reversible and Diversified De-identification with Latent
Encryptor [57.66174700276893]
This work presents RiDDLE, short for Reversible and Diversified De-identification with Latent Encryptor.
Built upon a pre-learned StyleGAN2 generator, RiDDLE manages to encrypt and decrypt the facial identity within the latent space.
arXiv Detail & Related papers (2023-03-09T11:03:52Z) - Targeted Honeyword Generation with Language Models [5.165256397719443]
Honeywords are fictitious passwords inserted into databases to identify password breaches.
Major difficulty is how to produce honeywords that are difficult to distinguish from real passwords.
arXiv Detail & Related papers (2022-08-15T00:06:29Z) - Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection [44.040106718326605]
The choice of password composition policy to enforce on a password-protected system represents a critical security decision.
In practice, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone.
We propose a novel methodology that draws on password probability distributions constructed from large sets of real-world password data.
arXiv Detail & Related papers (2020-07-07T22:12:13Z) - Lost in Disclosure: On The Inference of Password Composition Policies [43.17794589897313]
We study how password composition policies influence the distribution of user-chosen passwords on a system.
We suggest a simple approach that produces more reliable results.
We present pol-infer, a tool that implements this approach, and demonstrates its use inferring password composition policies.
arXiv Detail & Related papers (2020-03-12T15:27:00Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.