Research Article

Bilişsel Uyumsuzluk ve Parola Güvenliği: Kullanıcı Eğilimlerinin Analizi

Year 2025, Volume: 16 Issue: 3, 1187 - 1203, 29.09.2025

Abstract

Today, information security has become a critical issue with the rapid increase in digitalization and the spread of online platforms. Weak and predictable passwords constitute one of the most common vulnerabilities to cyberattacks. The simple and repetitive password structures that users frequently prefer when creating passwords are among the factors that threaten account security. This increases the need to understand users' cognitive processes and to develop solutions that encourage strong password creation habits. This study aims to develop a web-based system that analyzes users' cognitive password tendencies and offers suggestions to the user by evaluating the distinction between strong and weak passwords. This React-based system examines the cognitive responses users give during the password creation process. Through dynamic feedback mechanisms, users are guided in creating strong passwords and their awareness of password security is raised. In addition, data obtained from user behavior contributes to the creation of more effective password policies. This system offers a solution not only for individual users but also for organizations seeking to improve their password security policies and support their training processes. The main aim of the study is to prevent the weak password habits that threaten information security and to direct users toward a more secure digital ecosystem.


Cognitive Dissonance and Password Security: Analysis of User Trends


Abstract

In today's digital era, information security has become a critical concern due to the rapid growth of digitalization and the widespread use of online platforms. Weak and predictable passwords are among the most common vulnerabilities exploited in cyberattacks. The frequent use of simple and repetitive password patterns highlights the importance of understanding users' cognitive processes and developing solutions to promote strong password creation habits. This study aims to develop a web-based system to analyze users' cognitive password tendencies, evaluate strong-weak password distinctions, and provide suggestions to users. The React-based system examines users' cognitive responses during password creation processes. Through dynamic feedback mechanisms, users are guided in creating strong passwords, enhancing their awareness of password security. Additionally, the insights derived from user behavior contribute to the development of more effective password policies. This system not only serves individual users but also provides a solution for organizations to enhance their password security policies and support educational initiatives. The primary objective of this study is to address the security risks posed by weak password habits and to guide users toward a more secure digital ecosystem.

There are 20 citations in total.

Details

Primary Language: Turkish
Subjects: Knowledge Representation and Reasoning
Journal Section: Articles
Authors:

Mustafa Bilgehan İmamoğlu 0000-0002-3496-2959

Aleyna Eser 0009-0001-7263-2352

Publication Date: September 29, 2025
Submission Date: February 13, 2025
Acceptance Date: September 23, 2025
Published in Issue: Year 2025 Volume: 16 Issue: 3

Cite

APA İmamoğlu, M. B., & Eser, A. (2025). Bilişsel Uyumsuzluk ve Parola Güvenliği: Kullanıcı Eğilimlerinin Analizi. Gümüşhane Üniversitesi Sosyal Bilimler Dergisi, 16(3), 1187-1203.