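% Journal article: password-security awareness survey (Africa) plus a (k, n)-threshold storage proposal.
% Author names are joined with " and ", the only name separator BibTeX recognises.
% No DOI or page range is recorded for this entry; add them when known rather than leaving empty fields.
@article{1129,
  author   = {Adeka, Muhammad and Shepherd, Simon and Abd-Alhameed, Raed},
  title    = {Password Security Awareness in {African} Countries within the Context of Password Security Purgatory},
  journal  = {Journal of Information Security Research},
  year     = {2013},
  volume   = {4},
  number   = {1},
  url      = {http://www.dline.info/jisr/fulltext/v4n1/1.pdf},
  abstract = {In spite of the existence of more attack-resistant authentication schemes, passwords are the most popular means of access control. They also constitute the first line of defence in cyber-based security systems. Unfortunately, the twin problem of multiplicity of passwords combined with destructive human factors has resulted in numerous rules which have made password management cumbersome. The resultant evasive tendency on the part of users has created a divergence among security experts. Using a survey, this paper examines the level of password security awareness in Africa, vis a vis the current divergence among security engineers as regards the rules governing best practices in the use of passwords: should they be written down or memorized; changed frequently or remain permanent? It also proposes a possible way out in respect of the password security purgatory phenomenon. It is posited that, in order to enhance password security, there should be a delicate balance between having enough rules to maintain good security and not having too many rules that would compel users to take evasive actions; i.e., human factors should be given priority over technological factors. The password security survey further confirmed the fear that most Internet users are inclined to choosing passwords that are both meaningful and easily remember-able. Similarly, in Africa, and probably most developing countries, senior executives are less security conscious compared to their subordinates, as regards password related matters.
The paper proposes the use of the (k, n)- Threshold Scheme, such as the Shamir’s secret-sharing scheme, to enhance the security of the password repository. This presupposes an inclination towards writing down the password: they could be stored securely, along with other valuables, even where other modern technological facilities are not available.},
}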