Scribd
Upload
31 views19 pages

ASEP D 22 00341 R1 Reviewer

Uploaded by

Murali Krishna
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
31 views19 pages

ASEP D 22 00341 R1 Reviewer

Uploaded by

Murali Krishna
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

Applied Science and Engineering Progress

Preliminary Study of Password Management Behaviors of Young People


--Manuscript Draft--

Manuscript Number: ASEP-D-22-00341R1

Article Type: Research Article

Section/Category: Applied Sciences and Technologies

Keywords: Computer security; Password; Password behaviors; Password management; Young


people

Manuscript Region of Origin: THAILAND

Abstract: Password-based authentication is still the most widely used authentication method
today. Unfortunately, passwords are the main culprit for the cause of cyberattacks. This
paper, therefore, examines the behaviors towards password generation and usage of
young people, who will ultimately become the future generation in the society. An
online survey with a sample of 265 respondents at the ages of 10 - 24 together with
those who are older than 24 years old was conducted between April and August 2021.
The research applied descriptive statistical analyses and compared the responses
from young people and those from the older group. The results suggest that although
the survey participants seemed to have some knowledge of creating complex
passwords, they still illustrated some aspects which could lead to being a target of
cyberattacks. Since this is a preliminary study of the behaviors of young people
towards password management, the number of participants is limited. This preliminary
study provides information and increases awareness for policy makers and
educationists in such a way that it could be used to create an educational program on
the importance of managing passwords securely. In addition, the study provides an
insight for how young people aged between 10 and 24 years old behaved towards
password management.

Powered by Editorial Manager® and ProduXion Manager® from Aries Systems Corporation
Anonymous Manuscript Click here to access/download;Anonymous
Manuscript;Preliminary Study of Password

Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

Preliminary Study of Password Management Behaviors of Young People


Chatphat Titiakarawongse
Institute of Digital Arts and Science, Suranaree University of Technology, Nakhon Ratchasima, Thailand

Sirapat Boonkrong*
Institute of Digital Arts and Science, Suranaree University of Technology, Nakhon Ratchasima, Thailand

* Corresponding author. E-mail: [email protected] DOI: 10.14416/j.asep.2017.03.xxx


Received: XX September 2022; Revised: XX XXXX 2022; Accepted: XX XXXX 2022; Published online: XX XXXX 2022

Abstract
Password-based authentication is still the most widely used authentication method today. Unfortunately,
passwords are the main culprit for the cause of cyberattacks. This paper, therefore, examines the behaviors
towards password generation and usage of young people, who will ultimately become the future generation in
the society. An online survey with a sample of 265 respondents at the ages of 10 - 24 together with those who
are older than 24 years old was conducted between April and August 2021. The research applied descriptive
statistical analyses and compared the responses from young people and those from the older group. The results
suggest that although the survey participants seemed to have some knowledge of creating complex passwords,
they still illustrated some aspects which could lead to being a target of cyberattacks. Since this is a preliminary
study of the behaviors of young people towards password management, the number of participants is limited.
This preliminary study provides information and increases awareness for policy makers and educationists in
such a way that it could be used to create an educational program on the importance of managing passwords
securely. In addition, the study provides an insight for how young people aged between 10 and 24 years old
behaved towards password management.

Keywords: Computer security, Password, Password behaviors, Password management, Young people

1 Introduction “123456789”, “password”, “iloveyou” and


“Nothing.” Many are opting for bad practices for
In today’s Internet-based or digital environment, it is password usage such as writing their passwords down
essential for any computer or information system to be on a post-it or reusing their passwords across many
able to identify an individual or an entity that attempts different accounts.
to enter and use such system. Therefore, an access Both choosing weak passwords and exhibiting
control mechanism, specifically authentication, bad password practices have led to many high-profile
cannot be overlooked. cyberattacks. It began as early as in 1998 when
Although there are several authentication Computer Emergency Response Team (CERT) [4]
methods [1], including something-you-know, reported an incident when there was a leakage of
something-you-have and something-you-are, almost two-hundred thousand passwords and close to
passwords (which is under the something-you-know fifty thousand of them were cracked. In 2009, there
category) appear to be the most widely used was one of the largest credential leakages at the time
mechanism and play an important role in today's daily occurring in a major password breach of a Web site
life. They are used for logging into an email account, [5]. In 2016, it was reported that almost four-hundred
a mobile banking account, organization’s network, million accounts from two well-known social
and personal devices. networking sites were hacked and the passwords were
It is, therefore, clear and can be said that strong leaked. Interestingly and frighteningly, the report
and secure passwords should be chosen to protect their suggested that a lot of the leaked passwords had been
personal accounts and information. Unfortunately, generated from words in dictionary and simple
that has not always been the case. Many people are patterns of numbers, with “12345” appearing more
still generating weak and easy-to-crack passwords [2, than two-hundred thousand times and “password”
3] with the most common ones include “123456”, appearing almost eighteen thousand times [6].

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

Many organizations and researches have password generation and usage of young people.
attempted to help users generate stronger passwords Finally, we conclude our study.
through their password composition policies [7, 8],
which not only specify the minimum length but also 1.1 Literature review and related work
require users to include specific types of characters
and numbers in their passwords. Some have suggested There is a large amount of literature regarding various
the use of a password manager [9], whose purpose is aspects of password-based authentication. In this
to help users generate stronger passwords and section, however, only those that are relevant to our
eliminate password reuse. study, such as password security, password
While these policies may help improve the management [12] and those looking at perceptions
security of passwords, they make it more difficult and related to passwords are discussed [13-15]. The
more complex for users to memorize their passwords. objective of this work is to build upon the existing
Moreover, nowadays many users are overwhelmed work by looking specifically at the generation of
with the number of accounts and passwords they need young people and what their perspectives are towards
to use on a daily basis, which is largely true for adults password generation and usage.
and older people whose personal data are subject to
adversarial behaviors [10]. This has led to a question
Password security
of trying to understand the attitudes and behaviors of
users, especially those in the younger generations,
towards their password generation and usage. Passwords are the most used method of authentication
World Health Organization or WHO defines the due to their convenience and low cost. Unfortunately,
term “young people” as those who are between 10 and the strength of password-based authentication
24 years old [11]. From this range, young people are mechanisms relies heavily on the strength of the
students in school and higher education as well as passwords themselves. Weak or easy-to-crack
newly graduated. They were the focus of this research passwords have presented us with security problems
because we thought that these people would be the over the years. Having seen the opportunity, attackers
main workforce in the future. It is consequently have created and applied several techniques [1] to
necessary to study and understand what their attitudes crack passwords. Some of the more popular ones are
and behaviors towards password generation and usage as follows.
are so that proper awareness, education and even The first is known as a brute force attack, which
technologies can be designed and put in place to is when an attacker attempts all possible passwords
complement the results of this research. until the correct one is found. The second is called
In this research, as a preliminary study, a survey password dictionary attack. This occurs when a list of
was carried out with over two hundred and fifty commonly used passwords is created and stored in a
participants, two hundred of which were in the young database. Only the passwords in that database or
people category as defined by WHO. The rest were in dictionary are tried and used when an attacker
the older category, which as a byproduct was used for attempts to log into a system as someone else.
a comparison analysis. In general, our participants Consequently, a couple of approaches have been
reported that they had more than one accounts with the proposed to help measure the quality and strength of
number of passwords not matching the number of passwords. The first was password entropy, which was
accounts. Many appeared to have adapted to the first introduced by Shannon [16]. Password entropy
advice of generating more complex passwords. A few was defined as the statistical distribution of
said they were aware of how to ensure their password information, which measured the randomness of the
security through multi-factor authentication and content. This led to the research by Ma et al. [17] who
password managers, while many had never even heard suggested that a password should be composed of
of them before. upper case letters, lower case letters, numbers and
In the remainder of this paper, literature relevant special characters.
to our study is first discussed. We then describe the Ma et al. [17] also proposed another approach for
research design and methodology used in data evaluating the strength of passwords known as the
collection and analysis. Next, we present our findings effective length. The effective length was an extension
regarding the attitudes and behaviors towards to the basic counting of the number of characters in a
password. It was suggested that a password

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

complexity index (or a specified value for each that using the same password for many accounts was
character) should be applied to the password so that like having one key that can unlock many doors.
the effective length, rather than the actual length, Although not agreed by some [24], many
could be computed. organizations’ password policy forces users [18] to
The two password security metrics in password change their passwords every thirty to sixty days. It
entropy (components within a password) and was believed over a period in the past that by changing
password length have, therefore, become parts of our passwords, attackers would find it more difficult to
survey, specifically in the password composition compromise them. However, many have had counter
stage. arguments since then by suggesting that changing
passwords often could lower the security of the
Password management already-strong passwords [24]. Regarding this issue, a
study observed that users tended not to change their
Passwords are considered the first line of defense to passwords based on their own decisions. They would
computer and information systems [1]. They help only do so when they were forced to in the case of a
reduce the risk of unauthorized access. That means by breach or forgetting their passwords [25].
generating strong passwords and adopting good In the context of password recall and
password practices, it is possible to lower the chances memorability, users applied different approaches
of being compromised. The problem is that users are ranging from relying on their memory to writing down
now facing a lot of burdens in managing their on either pieces of paper or in a note application on
passwords, namely password creation and usage. their computing device. It was also found that the use
Previous studies [18, 19] have found that some of password managers was not common, even though
people possess over twenty accounts and hold as many it was a recommended approach [9][12].
if not almost as many passwords. Some of these people The existing literatures studied various aspects of
even use all these accounts and password everyday. user behaviors towards passwords, but there had not
One research suggested that almost half the people been many that specifically looked at how young
participating in the study logged in their accounts over people worked on password management [26]. In
forty times a week [20]. 2021, however, there was one study that provided an
According to some research [12, 21], people attempt to understand what children thought about
appeared to have varying methods for creating their passwords [27]. This article appeared to be the first to
passwords. They showed that although many conduct a survey of third to twelve graders from
organizations and Web sites had password policies schools across the USA. The authors found that
that required users’ passwords to meet some specific children had fewer passwords than adults and had
criteria, people still tended to create their password by mixed perceptions about passwords. Moreover, their
choosing something that was easy for them to study showed that there were some behaviors that
remember, which usually made them vulnerable and would lead to the insecurity of passwords. Having
easy to guess. Having said that there were people still said that, our work is different from Theofanos et al.’s
conforming to a better password creation strategy by work in three folds. The first is that our participants
combining various types of characters and numbers in were from different parts of the world. Secondly,
their passwords (Shay, et al., 2016). although the main group of our participants was also
Another research [22] was conducted to study young, the participants were from a broader range of
the password usage behaviors of users. It was found age groups, namely those who were aged between 10
that users frequently reused their passwords across and 24 years old, as defined by WHO. Third, our
multiple accounts. The more passwords users had to coverage of perceptions towards passwords is
generate and the more accounts they possessed, the different. That is, the work of Theofanos et al.’s put an
more likely they would reuse the passwords. This emphasis on the understanding of passwords and
behavior is worrying, because it is the main cause of a password creation whereas our study focused on more
password-related attack known as credential stuffing. aspects, namely password creation, password usage
This occurs when a user’s password is known by an and password security improvement strategies.
attacker, who will then try to use the same password
to log into other accounts belonging to the same user
[1]. Some researchers [23] have gone so far in saying

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

2 Materials and methods respond to the survey. SurveyTandem is a platform that


allows for finding survey respondents, albeit by
2.1 Survey design answering other people's surveys in exchange. Saying
that we still thought it was a good platform to gather
This section describes how the online survey was responses from mixed backgrounds.
designed and what it consisted of. In order to achieve The other and main source of the survey data was
the research goal of understanding the habits of young via emails. Our research focused on and required
people on various aspects of password management, the responses from people between the ages of 10 and 24,
survey was divided into four parts. according to WHO’s definition of young people. It was,
The first was the general demographic section, therefore, necessary to target specific respondents and
which required participants to provide the indication of emails were a convenient tool to do so. For this purpose,
their age group. This was done, although the focus of emails were sent to students in schools and universities
the research was on young people aged between 10 and in Japan, the UK and various parts of Thailand. This way
24, because in case there were older participants, we the target age group as well as respondent diversity could
would be able to make a comparison between them. be achieved. From these platforms and as a preliminary
The second part of the survey was concerned with study on young people’s behaviors towards password
password creation. This section of the online survey generation and usage, we were able to gather 265
comprised of four questions. The questions aimed at responses.
finding out what the participants included in their
passwords generally such as name or telephone number, 2.3 Data analysis
letters only, numbers only or whether some specific
practices were followed. Moreover, the question We describe how the data collected were analyzed in
regarding the size of their passwords was also asked. this section. Due to the structure and content of the
The usage of passwords made up the third part of survey, quantitative analyses were carried out in this
the survey. This section specifically looked at how the research.
participants used and maintained their passwords. The Before carrying out any statistical analyses, it
participants were asked about the number of accounts was necessary to clean the collected data so that only
and passwords they owned, how often they changed the usable records remained. By looking at the data
their passwords as well as what their password recall obtained from the survey, it was obvious that there
strategies were. were some responses that appeared fraudulent and
The final part of the online survey was created to infeasible. By removing the unusable responses, the
study whether the participants knew of any additional validity of our analyses would be improved.
methods that could help improve the security of their For this research, the total of seven responses
passwords. The questions in this part consisted of ones were excluded from the study, which accounted for
that asked about multi-factor authentication and 2.64% of all the collected responses. The reason for
password managers. exclusion was that there were five participants who
In total, the online survey used to conduct the said they owned more passwords than the number of
research contained fourteen questions. We believed accounts they possessed, which appeared to us as
that these fourteen questions would be adequate for the infeasible. The other two participants just wrote some
accomplishing our objective in learning about young random characters as their responses to several survey
people’s perceptions on personal password questions. Thus, their responses could not be used in
management. the analyses at all. As a result, 258 responses remained
and were included in our analyses.
2.2 Data collection A descriptive statistical analysis was applied to
provide an overview of the survey data. This was done
We distributed the online survey on Web sites including so that the number of responses to each question could
Reddit (https://www.reddit.com) and SurveyTandem be expressed, and basic comparisons between the
(https://www.surveytandem.com). Currently, Reddit has responses from young people and the older
over fifty-two million active users daily on their Web counterparts could be performed.
site. Our survey was posted in the Take My Survey
community, which was a broad and non-specific
community so that we could get diversity of people to

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

2.4 Limitations Table 1 : Demographics of research participants


Gender Age
There is one limitation to our research that we would Number % Number %
like to point out. It is concerned with the fact that Male 129 50.00 10-14 8 3.10
although the data were collected through different Female 127 49.22 15-19 74 28.68
online platforms, a large portion of the obtained data Others 2 0.78 20-24 117 45.35
was from our country of residence, with a few 25 and 59 22.87
responses from other parts of the world. Therefore, the over
participants of the survey may not reflect the attitudes
and behaviors of the world population. Having said 3.2 Password creation
that, as a preliminary study, we still believe that our
study and findings can provide a better understanding For the analyses of the password creation section, we
of young people’s attitudes, perceptions and behaviors divided it into three parts. They were password
towards their password creation, usage, and creation strategies, password components and
management in general. password size.

3 Results and discussion


Password creation strategies

Our research focused on the understanding of how


young people generated, used, and managed their This part shows the strategies that the participants
passwords. As a result, our online survey included reported to have used when creating their passwords.
questions that would provide an insight to the young In general, there were seven techniques that were
people’s password-related attitudes, perceptions, and adopted for password generation. Figure 1 shows the
behaviours. This section is divided into four parts distribution of our participants’ reported password
which reflect our survey questions and an attempt to creation methods.
answer the research questions. They are the general
demographics of research participants, password
creation, password usage and password security
improvement.

3.1 Research participants

Although the aim of the research is to understand how


young people behave towards password management,
not only young people who were between 10 and 24
years old participated in the study. People who were
25 years old and over were also considered so that it
would be possible to conduct further analyses on the
obtained data.
As already mentioned previously, in total we
were able to collect 265 responses, but it was Figure 1: Percentage distribution of participants’
necessary to remove 7 responses. The demographics password creation methods.
of the research participants are described in Table 1.
Table 1 shows that the number of young people The password creation techniques gathered from
who participated in the study was 199 in total, which our study were using people’s names, places’ names,
accounted for over 77% of all participants. Out of the birth dates, phone numbers, words in English
199 young people, 8 were aged between 10 and 14, 74 dictionary and using a password generator. Other
were between the ages of 15 and 19, and 117 were of methods mentioned by the participants included the
the ages between 20 and 24. Moreover, there were 59 use of student or national ID number, favourite
respondents who were in the 25 and over age group. characters from cartoons or films, words from other
languages (typing with an English keyboard). The

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

number of password generation methods acquired participants’ passwords. Habib et al. [12] found that
from our study appeared to be bigger than that from approximately 41% of all participants used English
the research by Habib et al. [12], which indicated that words in their passwords. However, the percentage in
there were three main techniques for password our research was not as high. On average
creation. They were using English words, using approximately 31.03% of the young participants (10 -
names, and adding either numbers or symbols. Our 24 years old) reported that they would include words
study looked at a different angle from the work of from English dictionary in their passwords. The
Theofanos et al. [27] where the correspondents’ number was even lower in the older age group with
passwords were given by school, made by parents or only 20.34%. Having said that, this is another method
with parents’ help, or made by the correspondents that showed a statistically significant difference (α =
themselves. No other details were given in their study. .05) between young people and their older
There are a few things worth pointing out from counterparts.
the obtained results. First of all, creating a password The least popular password creation method was
by including a person’s name was popular among when passwords were created by including names of
young people with 50% of 10 - 14 year old participants places. Only 16.08% of the 10 - 24 year olds and only
admitted to use this technique. In addition, 39% and 12% of the older age group reported to have adopted
38% of participants who were between 15 - 19 years this method. The practice of including names of
old and 20 - 24 years old, respectively, would include places in passwords was something that had only been
either their own or someone else’s names in their acquired in our study and never been mentioned in any
passwords. The obtained percentages appeared to be previous studies.
aligned with the results from Habib et al. and Ur et al. Moreover, there were also other practices
[28] in that using names was the most common reported by some of our participants. It had to be
password creation technique. Moreover, 34% of the pointed out that the percentage of the older age group
25 years old and over used this method to generate (20.34%) that had used other methods for creating
their passwords. passwords was significantly higher (α = .05) than the
Secondly, including someone’s date of birth in a younger age groups (3.13%) from which only those
password was another popular method. From Figure between 20 and 24 years old reported to have used
1, it can be seen that 53% of the 15 - 19 year old other techniques. Some of the methods mentioned by
participants used either their own or other people’s the participants that fell into this category included the
dates of birth as a part of their passwords. This was use of student or national ID numbers and words from
followed by the 20 - 24 and 10 - 14 age groups with other foreign languages (using English keyboard).
39% and 38% of participants, respectively. In
contrast, this method was only used by 27% of the Password components
older participants. Hence there is a statistically
significant difference (α = .05) between the young
people (10 - 24 years old) and the older ones (25 and The second part of the password creation section
over). reported what components the participants had
Another password creation technique was the included or would choose to include in their
inclusion of phone numbers. Compared with the older passwords. From the obtained data, there were fifteen
age group of over 25 years old, the percentage of possible ways or combinations of components that
young participants who chose this technique for were chosen by the participants. These fifteen
password generation was significantly higher (α = different combinations can be seen in Figure 2, which
.05). In other words, 32.70% of the young also shows the distribution of the participants’ chosen
correspondents reported that they had included either components in their passwords.
their own or someone else's phone numbers in their
passwords. In contrast, only 17% of the older age
group reported to have done the same.
The next password generation strategy obtained
from our survey was also the results of the research by
Habib et al. [12], Ur et al. [28] and Bryant and
Campbell [15]. This was the technique of using words
from an English dictionary as a part of the

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

One type of combination chosen by all age


groups was the lower case letters and numbers
combination. On average, this method was
significantly more popular (α = .05) among the young
participants (10 - 24 years old) than the older ones (25
years old and over). That is, 13.11% of the participants
in the 10 - 24 age group reported to have used this
combination, while only 5.09% of the 25 years old and
older group had done the same.
There were two other types of combinations that
were chosen by all age groups and appeared to be the
two most popular choices for each age group. The
combination of the upper case letters, lower case
letters and number showed a significantly higher
number (α = .05) in the young people (10 to 24 years
old), while the mixture of all types of characters in the
Figure 2: Percentage distribution of participants’ upper case letters, lower case letters, numbers and
password components. special characters was significantly more popular (α =
.05) in the older age group (25 years old and over).
One piece of information from Figure 2 we These two types of combination also reported an
thought was worth noting was that the combination of interesting result, which can be described as follows.
lower case letters and special characters was not the The number of participants choosing the upper
choice of any participants from any age groups at all. case letters, lower case letters and number
Figure 2 also shows that the 20 - 24 age group combination evidently decreased as the ages of the
was the only group that would create or had created participants increased. In other words, the majority
their passwords using only either the upper case letters (63%) of the participants from the 10 - 14 age groups
or lower case letters, albeit with only 2.60% and suggested that they would use or had used this method
0.90%, respectively. when creating their passwords. This number went
Numbers-only passwords, as suggested by the down for those ages 15 to 19 years old (32%) and 20
data, would still be chosen by a handful of participants to 24 years old (25%). The oldest group in 25 years
in the 15 - 19 age group (5.40%), the 20 - 24 age group old and older recorded the lowest number at 22%.
(4.30%) and the 25 and over age group (1.70%). On the other hand, the combination of all types
Nobody from the 10 - 14 age group would choose or of characters presented the opposite trend. That is, as
had chosen only numbers as their passwords. the ages of the participants increased, the number of
Special characters-only passwords were another participants choosing to use this method also
interesting point since it appeared to have been chosen increased. The data showed that 25% of the 10 - 14
by only the participants from the 15 - 19 and 20 - 24 year olds, and 26% and 30% of the participants ages
age groups, with 2.70% and 0.90% of the participants 15 to 19 years old and 20 to 24 years old, respectively,
from each group, respectively. On average, it appeared reported to have created their passwords using this
that this special characters-only method was the least combination. It was obvious from Figure 2 that the
popular among our participants. majority or 53% of the older age group of 25 and over
The combination of lower case letters, numbers would choose or had chosen this type of combination
and special characters was another method chosen for their password creation.
only by the participants ages 15 to 19 and ages 20 to Observing the two most popular methods, it can
24, with 1.40% and 1.70% of each age group, be seen that they appeared to complement one another.
respectively. The other type of combination chosen by Once the participants became older, the components
two age groups was when the upper case letters, lower within their passwords and their combinations became
case letters and special characters were included in the more complex. This consequently suggests that
participants’ passwords. This combination was chosen awareness, education, and experience would be
only by those in the 20 - 24 and 25 and over age needed to help people generate more complex
groups, with 6% and 3.40% of the participants from passwords. Moreover, the data we collected and
each age group, respectively. analysed were similar to the study by Habib et al. [12],

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

who also found that 59% of their participants would having their passwords of this size. That was an
add numbers to their passwords, and 32% would add obvious dissimilarity to the young people (10 - 24
special characters to increase the complexity. years old), with approximately 27.29% choosing this
However, Habib et al. [12] did not provide any details password size. That is, there is a clear statistically
of how the results distributed among different age significant difference (α = .05) between these two age
groups. groups.
The passwords of the size between 10 and 12
Password size characters provided a very noticeable point to be
discussed. Figure 3 shows that approximately 75% of
The final part of the password creation section is the the 10 - 14 year old participants had created passwords
password size. This part reports the average password of this size, which was significantly higher (α = .05)
size that our research participants had created and than any other age groups. However, on average,
used. In general, the responses from the participants 47.90% of the young participants (10 - 24 years old)
were grouped into five size ranges. They were the had created their passwords whose sizes were between
passwords whose size were 4 - 6 characters, 7 - 9 10 to 12 characters long, compared with only 30.51%
characters, 10 - 12 characters, 13 - 15 characters and of the older participants.
over 15 characters. Figure 3 shows the distribution of Finally, the 13 - 15 character passwords were
our participants’ reported password sizes. created by 13.42% of young participants. The number
for the 25 years old and older was not significantly
different with 11.86% of them having created and used
passwords of this size.
On the whole, those between 10 and 24 years old
tended to create their passwords of the size between
10 and 12 characters, compared with the older
participants almost half of whom suggested that their
passwords were between 7 and 9 characters long.

3.3 Password usage

The analyses of the password usage section were


divided into three parts. They were the comparison
Figure 3: Percentage distribution of participants’ between the number of accounts and the number of
password sizes. passwords (or password reuse), how the participants
said they recalled their passwords, and what their
It is evident that all the password sizes were password update behaviours were.
chosen by all age groups, except for the 4 - 6
characters and the over 15 characters which were not Password reuse
the choices of the participants belonging in the 10 - 14
age group. The 4 - 6 character passwords also Our survey did not ask the participants directly
represented the smallest number of participants with whether they had used the same passwords for
the over 15 character passwords having the second multiple accounts. What we did instead was ask about
lowest number of participants. What we found from the number of password-protected accounts and the
our survey data here was aligned the results from number passwords they owned. The data are displayed
Bryant and Campbell’s work [15] which also stated in Figure 4 and Figure 5, respectively.
that the passwords that were between 1 - 6 characters
and those that were between 11 and 26 characters
represented the smallest proportions.
The data collected from the survey informed us
that for the 25 years old and older, passwords
consisted of 7 - 9 characters were the most popular
choice with 45.67% of the participants from that group

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

younger people. Our data also revealed that


significantly more people (α = .05) in the 25 and over
age group than the young ones (10 - 24) had no idea
how many accounts they owned.
Let us now look at the number of passwords
reportedly owned by the participants in Figure 5.
Ideally, the number of passwords owned by the
participants should match the number of accounts they
possessed. However, the difference between Figure 4
and Figure 5 can be spotted straightaway.
It appears that the graph in Figure 5 is left-hand
heavy. In details, on average 46.08% of the young
participants (10 - 24 years old) owned only between
Figure 4: Percentage distribution of the number of one and three passwords, while 27.12% of the 25 years
password-protected accounts owned by participants. old and older owned the same amount. There was,
therefore, a statistically significant difference (α = .05)
between the two groups. This was a stark contrast to
the data shown in Figure 4, where only approximately
30.13% of the young people and 16.95% of the older
ones owned between one to three accounts. Therefore,
it implies that many of our survey participants
reported a fair amount of password reuse, with those
who were between 10 and 24 constituted a higher
number than the older participants.
Other studies, including those by Habib et al.
[12] and Bryant and Campbell [15], also reported that
there was a moderate amount of password reuse.
Habib et al. [12] found that almost 50% of their
Figure 5: Percentage distribution of the number of participants having had reused their passwords,
passwords owned by participants. whereas Bryant and Campbell’s data showed only
around 25%. Although our research found some
Whether or not there was password reuse can be pattern for password reuse, the number did not seem
observed by comparing the data in Figure 4 and Figure to be as high. Moreover, our study investigated the
5. For the number of password-protected accounts, on difference between different age groups while other
average 30.31% of the young participants owned researches only studied the behaviours at workplaces
between one and three password protected accounts, and email usage.
while 16.95% of the participants of 25 years old and In addition, Figure 5 shows that the percentage
over owned the same amount, which made the number of participants decreased as the number of possessed
for the young people significantly higher (α = .05) than passwords increased. This is especially the case for the
that of the older ones. The young participants aged young participants. On the other hand, there was only
between 10 and 24 years old that owned between four a slight decrease in the percentage of those who were
and six accounts accounted for 23.07% whereas the 25 and older as the number of passwords increased.
number was 13.56% for the 25 years old and over. Saying that, significantly higher (α = .05) percentage
The number of young participants that owned between from the 25 and over said they possessed over nine
seven and nine accounts slightly decrease to 21.88%. passwords.
However, this number increased for the older
participants at 23.73%. Password recall
The number of participants both young and old
owning over nine password-protected accounts went This part studied how our participants recalled their
down to 8.82% and 18.64%, respectively. What we passwords. In general, there were six password recall
can observe here is that the older participants seemed techniques reportedly adopted by the participants.
to have significantly more accounts (α = .05) than the

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

Figure 6 shows the distribution of our participants’ participants using the note-taking method, our
password recall methods. numbers were not as high as the survey done by NIST
[29] who found that over 80% of their survey
respondents stored their passwords either on paper or
electronically. However, the results from [27]
suggested that only 38.83% of their participants wrote
down passwords.
There were two other recall techniques used by
the participants. One was using a password manager.
Overall, password managers were used less by the
young participants (11.46%) compared with 23.73%
of the 25 and over age group. By looking at the data
we can see that the amount of password manager
usage had the upward trend as the age increased.
Making use of the Web browser’s ability to
remember passwords was a choice of a few of our
participants, where the percentages from the young
Figure 6: Percentage distribution of participants’ correspondents and older age group were not
password recall methods. significantly different. Furthermore, the use of Web
browser’s password remembering function had a
It is clear from Figure 6 that the most popular downward trend as the participants became older.
password recall method among our participants was
memorising the passwords. The survey data revealed Password update
that on average 70% of the young participants chose
to adopt this method for their password recall. This This part describes how often, if at all, our participants
was to compare with 55.93% of the 25 and over age changed or updated their passwords. Figure 7 shows
group who chose the same method. What we can say the distribution of the participants’ password update
is that more than half of the participants from all age frequency.
groups reported to recall their passwords from their
memory. However, the pattern shown in Figure 6
revealed that as the participants got older, it became
less likely that same number of people would still use
their memory as their password recall method.
This particular result of our survey appeared to
be aligned with that of Habib et al. [12] and Theofanos
et al. [27] who also suggested that the most common
password recall technique used by more than half of
their research participants was memorising the
passwords. However, our research provided more
insight in that we showed that a significantly higher (α
= .05) number (70%) of those aged between 10 and 24
years old memorised their passwords rather than using
other methods.
We combined the survey results of methods
(methods 1 - 3 from Figure 6) for writing down Figure 7: Percentage distribution of participants’
passwords to obtain the following. The note-taking password update frequency.
method was on the whole used by 56.92% of the
young participants and 57.63% of the 25 and over age Our data revealed a similar behaviour pattern for
group. This means that on average there was no both young participants who were between 10 and 24
significant difference between the young people and years old and older participants aged 25 and over.
those who were older in adopting this password recall That is, there were more participants who admitted to
strategy. Although our study recorded over half the

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

never change their passwords than any other


frequencies (on average, over 32% of both age
groups). The second most common response was to
update their passwords once every ten months and
over, where the data obtained from the survey were
almost the same for both the young (21.27%) and old
participants (22.03%).
Furthermore, it can be seen in Figure 7 that there
was an upward trend in the updating passwords once
every five to seven months frequency. It appears that
the number of participants who updated their
passwords once every five to seven months increased
as the age increased. It also shows that significantly
more people (α = .05) from the 25 years old and over Figure 8: Percentage distribution of participants’
group tended to use their password from this duration familiarity with two-factor authentication.
before changing them.
Other update frequencies were only represented
Our data showed that 37.5% of the youngest
by a small number of participants. For example, only
participants seemed to know of two-factor
2.89% of the young people and 3.39% of the older
authentication but chose not to use it. This number was
ones said they changed their password every month.
significantly different (α = .05) from the 15 - 19 and
None of the participants from the 25 and over age
20 - 14 age groups with the values of 16.22% and
group reported to change their passwords every one or
17.09%, respectively. At the same time, 28.81% of the
two weeks, while there were 6.61% and 5.32% of the
25 years old and over had decided not to use two-
young participants reporting to do so, respectively. In
factor authentication even though they knew the
addition, both the young participants and older ones
technology existed.
suggested that there were events that would trigger the
change of their passwords. These triggers included A similar amount of young and older participants
when they were alerted with an unusual activity on admitted that they had no idea what two-factor
their account and when they forgot their passwords. authentication was. The numbers were 24.13% and
25.42%, respectively.
3.4 Password security improvement In addition to asking the participants about two-
factor authentication, they were also asked about their
The final section of the results and analysis is familiarity with password managers. Figure 9 shows
concerned with the awareness of the improvement of how familiar they were with the mechanism.
password security. The participants were asked
whether they were familiar with the technologies in
two-factor authentication and password managers
which could assist them with having a more secure
authentication process. Figure 8 shows how familiar
the participants were with two-factor authentication.
The survey data revealed that the number of
young participants (52.26%) who had used or were
using two-factor authentication was higher than the 25
years old and over age group (45.76%). Our data
represented a very different value from the research by
Ion et al. (Ion, et al., 2015) who found that only 20%
of their participants had used two-factor
authentication to help them stay safe. This is implied Figure 9: Percentage distribution of participants’
by our data that as the years progress, so did the familiarity with password managers
number of people who had adopted the technology to
help make their passwords more secure.

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

For password managers, it was interesting the see 4 Conclusions


that the participants from the 10 - 14 and the 25 and
over age groups showed almost the same amount at The objective of the research was to assess the
62.50% and 61.02%, respectively, for knowing of perceptions and behaviours towards password
password managers but not using them. However, if generation and usage of young people. As the by
we looked at the average (47.62% for the 10 - 24 year product, the obtained data were also compared with
old participants and 61.02% for the older ones), we those of the older ones. The focus of the research was
would see that although they knew what a password on young people (WHO defined young people as ones
manager was, more participants from the 25 and over who were aged between 10 and 24) because they were
age group chose not to use it. Although the participants seen as the future citizen and workforce within the
in the over 25 years old group from our study were society. It would, therefore, be imperative to
relatively younger than those in the study of Ray et understand what their behaviours were. As a result,
al.’s [9] which focused on the 60 years old and above, any necessary preparation for better security could be
they appeared to follow the same pattern in choosing further implemented. Moreover, the research was
not to use password managers. That is, the respondents done in order to get an insight into three main aspects
from our and Ray et al.’s studies suggested that there of passwords. They were password generation,
were other alternatives when it came to password password usage and password security improvement.
management and recall, one of which was the note-
Table 2 summarises the top response with 95%
taking method as shown in the Password Recall
confidence interval [31] for each aspect of the
section. However, Ray et al. provided several other
password management, namely password creation,
reasons to why older people did not use password
password usage and password security improvement,
managers. They included the disruptive nature of
and the number of responses from each age group so
password managers, to which some said they were
that the differences can be compared.
“time-wasters”, lack of self-efficacy, and lack of trust
in the technology. Our research revealed that there were bad
practices adopted by our participants, in particular the
There were zero participants from the 10 - 14 age
younger ones. More young participants reported to
group that reported to have used or were using a
compose their passwords using names, birth dates and
password manager, which led us to the average of
telephone numbers more than the older participants.
26.36% of the younger participants who said that they
Furthermore, the participants who were between 10
were using a password manager at the time of the
and 24 tended to create less complex passwords than
survey. This was to be compared with 28.81% of the
their older counterparts. Significantly higher number
older survey respondents who reportedly were using
of young participants seemed to possess fewer number
the technology at the time. These numbers showed an
of passwords, which suggested that they reused
improvement from the study of Ion et al. [30], which
passwords more than the older age group. In terms of
suggested that only 12% of general users had used a
improving password security, there were no
password manager. This again suggests a positive
significance difference between the young and older
development in technology adoption in all age groups
participants when it came to two-factor authentication.
as the years progress.
However, with password managers, the percentage of
Finally, there were participants who admitted to younger people who had never heard of password
not have heard about password managers prior to the managers was significantly higher than the older
survey. This accounted for 26.02% from the young people.
age groups (10 - 24 years old) and 10.17% from the 25 On the whole, our research found that the people
and over age group, which means that significantly who were between 10 and 24 years old were more
more young people (α = .05) had no idea what a likely to adopt bad practices for password generation
password manager was. Having said that, these data and usage than their older counterparts, albeit there
represented a promising trend by showing the fact that were similarities in some aspects of the research.
the number of participants not knowing what a
password manager was decreased as the age increased.

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

Table 2: Summary of top password behaviours


Password Behaviors Top Responses Age Groups
Management 10 - 14 15 - 19 20 - 24 25 +
Creation Use Names 50.00% 39.19% 37.16% 33.90%
Strategy ±9.80 ±9.57 ±9.50 ±9.28
Password Components Upper Case, Lower 62.50% 32.43% 24.79% 22.03%
Creation Case and Number ±9.49 ±9.12 ±8.46 ±8.12
Password Size 10 - 12 Characters 75.00% 31.08% 37.61% 30.51%
±8.49 ±9.07 ±9.49 ±9.02
No. of 7 - 9 Accounts 0.00% 29.73% 35.90% 23.73%
Accounts ±0.00 ±8.96 ±9.40 ±8.34
No. of 1 - 3 Passwords 12.50% 13.51% 22.22% 25.42%
Password Passwords ±9.80 ±9.77 ±9.29 ±8.71
Usage Password Memorize Passwords 87.50% 63.51% 58.97% 55.93%
Recall ±6.48 ±9.43 ±9.64 ±9.73
Password Never 50.00% 32.43% 27.35% 32.20%
Update ±9.80 ±9.18 ±8.74 ±9.16
Two-Factor Used Two-Factor 37.50% 59.46% 59.83% 45.76%
Password Authentication Authentication ±9.49 ±9.62 ±9.61 ±9.76
Security
Password Know of but not used 62.50% 41.89% 38.46% 61.02%
Improvement
Manager ±9.49 ±9.67 ±9.54 ±9.56

In addition, we believe that the results of the more aware of the problems that exist in the younger
survey and analyses provide the current data about the generation. Consequently, it is hoped that the data
perceptions and behaviours of young people towards obtained from this study would form the basis for
password management. Our study obtained reasons to create proper educational programs
information from a broad group of participants, focusing on adopting better password and
including those who were between 10 - 14 years old, authentication practices, so that the risk for
15 - 19 years old, 20 - 24 years old, and over 25 years cyberattacks could be reduced in the future.
old. The data collected provide some evidence about
how the participants, especially the younger ones, Acknowledgments
perceived their password management as well as how
plausible vulnerabilities could be caused by their We extend our sincere thanks to all who participated
behaviours. in the survey.
While we feel that the obtained results are useful,
they should admittedly be viewed with caution due to Author Contributions
the no-so-high number of response rate. However, to
increase the level of validity of the study, we C.T.: questionairre generation, research design,
computed and provided the values of 95% confidence reviewing and editing the manuscript; S.B.: research
interval of the seemingly top response for each design, data cleansing, data analysis, writing an
password management category in Table 2. Despite original draft. All authors have read and agreed to the
the limitation of the number of participants, we still published version of the manuscript.
believe that the data obtained in this study offer new
insight and valuable information. Conflict of Interest
On our final point, we would like to emphasise
that our research was anchored in three main aspects The authors declare no conflict of interest.
of password perceptions and behaviours of young
people, namely password creation, password usage
and password security improvement. As such, the
obtained results are intended for policy makers,
educationists, and practitioners so that they become

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Applied Science and Engineering Progress, Vol. x, No. x, (Year), xxxx

References

[1] S. Boonkrong, "Methods and Threats of [10] H. Y. Huang and M. Bashir, "Surfing
Authentication," in Practical safely: Examining older adults’ online
Cryptography Methods and Tools. privacy protection behaviors," in The
Berkeley(CA): Apress, 2021, pp. 45-70. Association for Information Science and
[2] NordPass. "Top 200 most common Technology, 2018, vol. 15, pp. 188-197.
passwords of the year 2020." [11] World Health Organisation (WHO),
https://nordpass.com/most-common- "Young people’s health - a challenge for
passwords-list/ (accessed October, 2021). society," Geneva, Switzerland: World
[3] D. Malone and K. Maher, "Investigating Health Organisation, 1986.
the Distribution of Password Choices," in [12] H. Habib, P. Emani-Naeini, S. Devlin, M.
The 21st International Conference on Oates, C. Swoopes, L. Bauer, N. Christin,
World Wide Web, Lyon, France, 2012: and L. F. Cranor, "User Behaviors and
ACM, pp. 301-310. Attitudes Under Password Expiration
[4] Computer Emergency Response Team Policies," in The Fourteenth USENIX
(CERT), "IN98.03: Password cracking Conference on Usable Privacy and
activity," USA: Software Engineering Security, Baltimore, MD, USA, 2018:
Institute, Carnegie Mellon University, USENIX, pp. 13-30.
1998. [13] T. Hussain, K. Atta, N. Z. Bawany, and T.
[5] Imperva, "Consumer password worst Qamar, "Password and User Behavior,"
practices," USA: The Imperva Application Journal of Computers, vol. 13, no. 6, pp.
Defence Center (ADC), 2014. 692-704, 2017.
[6] C. Shu. "Passwords for 32M twitter [14] D. T. Fredericks, L. A. Futcher, and K. L.
accounts may have been hacked and Thomson, "Comparing Student Password
leaked." Knowledge and Behaviour: A Case Study,"
https://techcrunch.com/2016/06/08/twitter- in The Tenth International Symposium on
hack/ (accessed October, 2021). Human Aspects of Information Security &
[7] R. Shay, S. Komanduri, A. Suriti, P. Huh, Assurance (HAISA 2016), Frankfurt,
M. L. Mazurek, S. Segreti, B. Ur, L. Bauer, Germany, 2016, pp. 167-178.
N. Christin, and L. F. Cranor, "Designing [15] K. Bryant and J. Campbell, "User
Password Policies for Strength and Behaviours Associated with Password
Usability," ACM Transactions on Security and Managemen," Australasian
Information and System Security, vol. 18, Journal of Information Systems, vol. 14,
no. 4, pp. 1-34, 2016. no. 1, pp. 80-100, 2006.
[8] S. Komanduri, R. Shay, P. G. Kelly, M. L. [16] C. E. Shannon, "A Mathematical Theory of
Mazurek, L. Bauer, N. Christin, L. F. Communication," The Bell System
Cranor, and S. Egelman, "Of passwords Technical Journal, vol. 27, no. 3, pp. 379-
and people: measuring the effect of 423, 1948.
password-composition policies," in The [17] W. Ma, J. Campbell, D. Tran, and D.
SIGCHI Conference on Human Factors in Kleeman, "Password Entropy and
Computing Systems, Vancouver, Canada, Password Quality," in The Fourth
2011: ACM, pp. 2595-2604. International Conference on Network and
[9] H. Ray, F. Wolf, R. Kuber, and A. J. Aviv, System Security, Melbourne, Australia,
"Why Older Adults (Don't) Use Password 2010: IEEE.
Managers," in The USENIX Security [18] D. Florêncio and C. Herley, "Where do
Symposium, Virtual Event, 2021: USENIX, security policies come from?," in The Sixth
pp. 73-90. Symposium on Usable Privacy and

C. Titiakarawongse and S. Boonkrong, “Preliminary Study of Password Management Behaviors of Young People.”
Security, Redmond, WA, USA, 2010: [27] M. Theofanos, Y. Y. Choong, and O.
ACM, pp. 1-14. Murphy, "Passwords Keep Me Safe’ –
[19] S. Pearman, J. Thomas, P. Emani-Naeini, Understanding What Children Think about
H. Habib, L. Bauer, N. Christin, L. F. Passwords," in The Thirtieth USENIX
Cranor, S. Egelman, and A. Forget, "Let's Security Symposium, Virtual event 2021:
Go in for a Closer Look: Observing USENIX, pp. 19-35.
Passwords in Their Natural Habitat," in The [28] B. Ur, F. Noma, J. Bees, S. M. Segreti, R.
2017 ACM SIGSAC Conference on Shay, L. Bauer, N. Christin, and L. F.
Computer and Communications Security, Cranor, "I Added ‘!’ at the End to Make It
Dallas, TX, USA: ACM, pp. 295-310, Secure: Observing Password Creation in
2017. the Lab," in The Eleventh USENIX
[20] B. Grawemeyer and H. Johnson, "Using Conference on Usable Privacy and
and Managing Multiple Passwords: A Security, Ottawa, Canada, 2015: USENIX,
Week to a View," Interacting with pp. 123-140.
Computers, vol. 23, no. 3, pp. 256-267, [29] Y. Y. Choong, M. F. Theofanos, and H. K.
2011. Liu, "NISTIR 7991: United States Federal
[21] E. Stobert and R. Biddle, "The Password Employees’ Password Management
Life Cycle: User Behaviour in Managing Behaviors - A Department of Commerce,"
Passwords," in The Tenth USENIX USA: National Institute of Standards and
Conference on Usable Privacy and Technology (NIST), 2014.
Security, Melo Park, CA, USA, 2014: [30] L. Ion, R. Reeder, and S. Consolvo, "No
USENIX, pp. 243-255. one Can Hack My Mind: Comparing
[22] A. Das, J. Bonneau, M. Caesar, N. Borisov, Expert and Non-Expert Security Practices,"
and X. Wang, "The Tangled Web of in The Eleventh USENIX Conference on
Password Reuse," in 2014 Network and Usable Privacy and Security, Ottawa,
Distributed System Security (NDSS) Canada, 2015: USENIX, pp. 327-346.
Symposium, San Diego, CA, USA, 2014, [31] A. Barron, Inference for Categorical Data,
pp. 23-26. Introduction to Statistics. USA: Yale
[23] University of Illinois., "Why you should University., 1997.
use different passwords."
https://security.illinois.edu/content/why-
you-should-use-different-passwords
(accessed October, 2021).
[24] S. Bellovin, "Unconventional Wisdom,"
IEEE Security & Privacy, vol. 4, no. 1, p.
88, 2006.
[25] P. A. Grassi, J. L. Penton, E. M. Newton,
R. A. Perlner, A. R. Regenscheid, W. E.
Burr, J. P. Richer, N. B. Lefkovitz, J. M.
Danker, Y. Y. Choong, K. K. Greene, and
M. F. Theofanos, "NIST Special
Publication 800-63B: Digital
Authentication Guideline," USA: National
Institute of Standards and Technology
(NIST), 2017.
[26] K. Helkala and T. H. Bakås, "Extended
Results of Norwegian Password Security
Survey," Information Management &
Computer Security, vol. 22, no. 4, pp. 346-
357, 2014.
Response to Reviewers Click here to access/download;Response to
Reviewers;Response.docx

Dear Editor-in-Chief,

Please find enclosed our manuscript entitled “Preliminary Study of Password


Management Behaviors of Young People”, which we would like to submit as a revised version
for publication as a research paper in the Applied Science and Engineering Progress.

Below is the list of our responses to the reviewers’ comments.

Response to Comments:

Comment Response
1. Please reformat the manuscript to follow The manuscript has been reformatted to
the journal template which includes sections contain the following 4 sections: (1)
as follows 1) Introduction 2) Materials and Introduction, (2) Materials and methods, (3)
methods 3) Results and discussion 4) Results and discussion, and (4) Conclusion
Conclusion as suggested.

We hope that we have answered all the comments and addressed what were required.
We can again confirm that this manuscript has not been published elsewhere and is not under
consideration by any other journals.

Please address all correspondence to Sirapat Boonkrong, at [email protected] or at the


Institute of Digital Arts and Science, Suranaree University of Technology, Thailand.

We look forward to hearing from you at your earliest convenience.

Yours faithfully,
Sirapat Boonkrong
Highlight
Graphical Abstract

Preliminary Study of Password Management Behaviors of Young People

Method Findings

SURVEY DATA
ANALYSIS

You might also like