Volume 5, 2017: Issue 1



Strong password? Not with your social network data!


Ruti Gafni, The Academic College of Tel Aviv Yaffo, Israel

Tal Pavel, The Academic College of Tel Aviv Yaffo, Israel

Raz Margolin, The Academic College of Tel Aviv Yaffo, Israel

Ben Weiss, The Academic College of Tel Aviv Yaffo, Israel


Passwords are the standard means of registration and access to Websites, information systems, online services and various social networks. Databases are increasingly breached and social engineering is employed to obtain usernames and passwords for online fraud. Therefore, there is a need to secure existing passwords and to create ones that will be more crack-resistant. This study addresses the issue of personal data that users enter on social networks and incorporate into their passwords, as well as how tracking and identifying this data assists hackers in cracking these passwords. The study focuses on Facebook, conducting an online anonymous questionnaire among 195 respondents, and an experiment among a voluntary response sample of 72 participants, in which a custom dictionary attack was used to try to decipher their passwords. The findings confirm a link between the use of accessible online personal data and success rates of password deciphering. The findings underscore the grave threat to users’ information security - not only as a result of their voluntary exposure of personal data on social networks, but also due to the integration of this data into their passwords. The study argues the need to emphasize users' awareness of their password strength, with this vulnerability in mind.


Passwords, password guessability, social networks, privacy, personal information in passwords, dictionary attack, cybersecurity




Research paper


The Online Journal of Applied Knowledge Management (OJAKM), ISSN: 2325-4688


International Institute for Applied Knowledge Management (IIAKM)


4 May 2017