Evaluation of Effective Password Generation Processes in Terms of Cyber Security

Year 2025, Volume: 14 Issue: 3, 1306 - 1330, 30.09.2025

İbrahim Ayaz , Muhammed Zekeriya Gündüz

https://doi.org/10.17798/bitlisfen.1569257

Abstract

The increasing frequency and sophistication of cyber-attacks have underscored the critical importance of strong, secure passwords in protecting digital identities. This study evaluates the effectiveness of password generation processes within the context of cyber security, focusing on various methods for creating secure passwords, from traditional alphanumeric combinations to advanced passphrases that incorporate special characters and multi-factor authentication. While long and complex passwords are essential for robust security, the research also emphasizes the importance of user awareness and consistent password management practices in mitigating risks. This study also emphasizes that information security cannot be achieved through technological solutions alone, highlighting the critical role of end-user cyber security awareness. Effective password generation and usage are central to safeguarding sensitive systems and data, and the article presents strategies for developing this skill, offering examples and suggestions to foster awareness and improve password security practices. We advocate for user-friendly yet secure password-generation techniques to strengthen cyber security resilience in the digital age.

Keywords

Cyber security , Data security , Secure password , Passphrase

Ethical Statement

There is no conflict of interest between the authors. The study is complied with research and publication ethics.

References

• C. Online, “Şifre güvenliği ve hack.” https://www.chip.com.tr/haber/sifre-guvenligi-ve-hack_17955.html (accessed Oct. 11, 2024).
• M. Dell’Amico, P. Michiardi, and Y. Roudier, “Password strength: An empirical analysis,” in Proc. IEEE INFOCOM, Mar. 2010, pp. 1–9, doi: 10.1109/INFCOM.2010.5461951.
• U. Bodkhe, J. Chaklasiya, P. Shah, S. Tanwar, and M. Vora, “Markov model for password attack prevention,” in Proc. 1st Int. Conf. Computing, Communications, and Cyber-Security (IC4S 2019), P. K. Singh, W. Pawłowski, S. Tanwar, N. Kumar, J. J. P. C. Rodrigues, and M. S. Obaidat, Eds. Singapore: Springer, 2020, pp. 831–843, doi: 10.1007/978-981-15-3369-3_61.
• A. Nosenko, Y. Cheng, and H. Chen, “Password and passphrase guessing with recurrent neural networks,” Inf. Syst. Front., vol. 25, no. 2, pp. 549–565, Apr. 2023, doi: 10.1007/s10796-022-10325-x.
• M. Jin, J. Ye, R. Shen, and H. Lu, “Search-based ordered password generation of autoregressive neural networks,” Mar. 15, 2024, arXiv:2403.09954, doi: 10.48550/arXiv.2403.09954.
• Y. Li, H. Wang, and K. Sun, “Personal information in passwords and its security implications,” IEEE Trans. Inf. Forensics Secur., vol. 12, no. 10, pp. 2320–2333, Oct. 2017, doi: 10.1109/TIFS.2017.2705627.
• Y. Guo, Z. Zhang, Y. Guo, and X. Guo, “Nudging personalized password policies by understanding users’ personality,” Comput. Secur., vol. 94, p. 101801, Jul. 2020, doi: 10.1016/j.cose.2020.101801.
• M. Siponen, P. Puhakainen, and A. Vance, “Can individuals’ neutralization techniques be overcome? A field experiment on password policy,” Comput. Secur., vol. 88, p. 101617, Jan. 2020, doi: 10.1016/j.cose.2019.101617.
• N. Huaman, S. Klivan, M. Oltrogge, Y. Acar, and S. Fahl, “They would do better if they worked together: The case of interaction problems between password managers and websites,” in Proc. IEEE Symp. Security and Privacy (SP), May 2021, pp. 1367–1381, doi: 10.1109/SP40001.2021.00094.
• I. Mannuela, J. Putri, Michael, and M. S. Anggreainy, “Level of password vulnerability,” in Proc. 1st Int. Conf. Computer Science and Artificial Intelligence (ICCSAI), Oct. 2021, pp. 351–354, doi: 10.1109/ICCSAI53272.2021.9609778.
• “How secure is my password?” https://howsecureismypassword.net/ (accessed Dec. 03, 2024).
• “Kaspersky: Secure password check.” https://password.kaspersky.com (accessed Dec. 03, 2024).
• “Securely store, manage & autofill passwords,” NordPass. https://nordpass.com/ (accessed Dec. 03, 2024).
• “Password tester | Test your password strength,” Bitwarden. https://bitwarden.com/password-strength/ (accessed Dec. 03, 2024).
• “Password manager - For everyone, everywhere - LastPass.” https://www.lastpass.com/password-manager (accessed Dec. 03, 2024).
• “Have I been pwned: Pwned passwords.” https://haveibeenpwned.com/passwords (accessed Dec. 03, 2024).
• F. Yu and H. Yin, “A security analysis of the authentication mechanism of password managers,” in Proc. IEEE 21st Int. Conf. Communication Technology (ICCT), Oct. 2021, pp. 865–869, doi: 10.1109/ICCT52962.2021.9657969.
• S. Furnell, “Assessing website password practices – Unchanged after fifteen years?,” Comput. Secur., vol. 120, p. 102790, Sep. 2022, doi: 10.1016/j.cose.2022.102790.
• K. H. Hong and B. M. Lee, “A deep learning-based password security evaluation model,” Appl. Sci., vol. 12, no. 5, Art. no. 5, Jan. 2022, doi: 10.3390/app12052404.
• M. Z. Gündüz and R. Daş, “Sosyal mühendislik: Yaygın ataklar ve güvenlik önlemleri,” presented at the 9th Int. Conf. Information Security and Cryptology, 2016.
• M. Z. Gündüz and R. Daş, “Kişisel siber güvenlik yaklaşımlarının değerlendirilmesi,” DUJE, vol. 13, no. 3, Art. no. 3, Sep. 2022, doi: 10.24012/dumf.1122997.
• A. A. Hamza and J. S. Al-Janabi, “Detecting brute force attacks on SSH and FTP protocol using machine learning: A survey,” J. Al-Qadisiyah Comput. Sci. Math., vol. 16, no. 1, Art. no. 1, Mar. 2024, doi: 10.29304/jqcsm.2024.16.11432.
• H. Hussain, “Password security: Best practices and management strategies,” Social Science Research Network, Rochester, NY, Jun. 14, 2022, doi: 10.2139/ssrn.4136333.
• C. W. Munyendo, Y. Acar, and A. J. Aviv, “In eighty percent of the cases, I select the password for them: Security and privacy challenges, advice, and opportunities at cybercafes in Kenya,” in Proc. IEEE Symp. Security and Privacy (SP), May 2023, pp. 570–587, doi: 10.1109/SP46215.2023.10179410.
• A. P. Umejiaku, P. Dhakal, and V. S. Sheng, “Balancing password security and user convenience: Exploring the potential of prompt models for password generation,” Electronics, vol. 12, no. 10, Art. no. 10, Jan. 2023, doi: 10.3390/electronics12102159.
• “Dashlane password manager,” Dashlane. https://ripleyprd.wpengine.com/ (accessed Dec. 03, 2024).
• D. Reichl, “KeePass password safe.” https://keepass.info/ (accessed Dec. 03, 2024).
• “Random.org - Password generator.” https://www.random.org/passwords/ (accessed Dec. 03, 2024).
• N. Lykousas and C. Patsakis, “Decoding developer password patterns: A comparative analysis of password extraction and selection practices,” Comput. Secur., vol. 145, p. 103974, Oct. 2024, doi: 10.1016/j.cose.2024.103974.