Research Article

Cognitive Dissonance and Password Security: Analysis of User Trends (Bilişsel Uyumsuzluk ve Parola Güvenliği: Kullanıcı Eğilimlerinin Analizi)

Year 2025, Volume: 16 Issue: 3, 1187 - 1203, 29.09.2025

Abstract

Today, information security has become a critical issue with the rapid increase in digitalization and the spread of online platforms. Weak and predictable passwords constitute one of the most common security vulnerabilities against cyberattacks. The simple and repetitive password structures that users frequently prefer when creating passwords are among the factors that threaten account security. This increases the need to understand users' cognitive processes and to develop solutions that encourage strong password creation habits. This study aims to develop a web-based system that analyzes users' cognitive password tendencies and offers suggestions to the user by evaluating the distinction between strong and weak passwords. This React-based system examines the cognitive responses users give during the password creation process. Through dynamic feedback mechanisms, users are guided in creating strong passwords and their awareness of password security is raised. In addition, the data obtained from user behavior contributes to the creation of more effective password policies. The system offers a solution not only for individual users but also for organizations seeking to improve their password security policies and support their training processes. The main aim of the study is to prevent the weak password habits that threaten information security and to steer users toward a more secure digital ecosystem.


Cognitive Dissonance and Password Security: Analysis of User Trends

Abstract

In today's digital era, information security has become a critical concern due to the rapid growth of digitalization and the widespread use of online platforms. Weak and predictable passwords are among the most common vulnerabilities exploited in cyberattacks. The frequent use of simple and repetitive password patterns highlights the importance of understanding users' cognitive processes and developing solutions to promote strong password creation habits. This study aims to develop a web-based system to analyze users' cognitive password tendencies, evaluate strong-weak password distinctions, and provide suggestions to users. The React-based system examines users' cognitive responses during password creation processes. Through dynamic feedback mechanisms, users are guided in creating strong passwords, enhancing their awareness of password security. Additionally, the insights derived from user behavior contribute to the development of more effective password policies. This system not only serves individual users but also provides a solution for organizations to enhance their password security policies and support educational initiatives. The primary objective of this study is to address the security risks posed by weak password habits and to guide users toward a more secure digital ecosystem.

There are 20 references in total.

Details

Primary Language Turkish
Subjects Knowledge Representation and Reasoning
Section Articles
Authors

Mustafa Bilgehan İmamoğlu 0000-0002-3496-2959

Aleyna Eser 0009-0001-7263-2352

Publication Date 29 September 2025
Submission Date 13 February 2025
Acceptance Date 23 September 2025
Published in Issue Year 2025 Volume: 16 Issue: 3

Cite

APA İmamoğlu, M. B., & Eser, A. (2025). Bilişsel Uyumsuzluk ve Parola Güvenliği: Kullanıcı Eğilimlerinin Analizi. Gümüşhane Üniversitesi Sosyal Bilimler Dergisi, 16(3), 1187-1203.