<研究ノート>パスワード管理方法教育の必要性と具体的な方法について --紙のメモと表計算ソフトを併用した方法の提案とその実用性についての検討--

Abstract

Login passwords are likely to be one of the authentication methods used on Internet sites for some time to come, but there are problems. For example, frequently used login passwords such as “password” can be easily guessed, and short login passwords can be discovered even if account locking is enabled on the server side. Also, if you use the same login password at other sites, leakage is likely to occur. In order to prevent these problems, cooperation among users is required. However, looking at the results of a certain questionnaire, it turned out that considerable reuse is being carried out among Internet users. The reason for this is thought to be that the methods of managing login passwords which has been recommended so far was difficult to use for many users. Therefore, we would like to propose a safer and more feasible login password management method that can be used in school education. Specifically, it is a method of using OS vendor application software for encryption and using an encryption key of 15 characters or more in accordance with NISC recommendations. By using a sufficiently long encryption key, a brute force attack can be avoided and the encryption key will not be leaked. Since the encryption key is not leaked, one encryption key can be reused many times. If there are a few encryption keys, they are easy to remember and easy to manage even if they are written down on paper. We believe that teaching this method in schools will reduce the reuse of Internet users' login passwords. In this paper, we would also like to propose preparing alternative passwords in advance as a method to avoid the reuse of login passwords.