Tell me where you live and I will tell your P@ssw0rd: Understanding the macrosocial factors influencing password’s strength

Retour à la liste des conférenciers et sessions
Écoutez la diffusion
There are many ways to attack organizations, and credential stuffing is one of these. Depending on the strength of users’ passwords, crackers can decrypt passwords in a matter of seconds, hours or they may never succeed. Even if there was a significant advancement in attackers' abilities to perform password cracking, passwords remain the dominant authentication method not replaced but merely augmented by multi-factor authentication (MFA). The knowledge about passwords’ use must be deepened in order to respond to the protection needs of cybersecurity clients and adapting to specific aspect of their reality. Adopting a macrosocial approach, the present study explores different factors influencing passwords’ quality. We combined NorthPass’s list of the 200 most common passwords in 49 different countries to several other databases of country’s social and economic indicators like GDP, mean education level, amount of data breaches experienced in the country, etc.

The results reveal that a higher literacy level is associated with higher passwords’ quality. Also, the number of Internet users is inversely associated with password quality which indicates that living in a highly connected country is not a factor that increase information’s protection. The study participates in the understanding of macrosocial protection’s factors in order to adapt password lists.

Andreanne Bergeron Cybersecurity Researcher, GoSecure

Andréanne Bergeron has a Ph.D. in criminology from Montreal University and works as a cybersecurity researcher at GoSecure. Acting as the social scientist of the team, she is interested in online attackers’ behaviors. She is an experienced presenter with over 38 academic conferences and is now focusing on the infosec field. She has presented at BSides Montreal, NorthSec and Human Factor in Cybercrime.