Abstract [eng]
The risk of password loss is increasing drastically in the financial technology sector. According to the IBM Security Report 2023, the average cost of a data breach in financial institutions in 2023 was $4.45 million, a 15% increase over three years. Because passwords remain the most popular type of protection, and recent statistics show that 2FA/MFA is still not used by 100% of individuals, password loss risk assessment is necessary. An analysis of various scientific articles and statistical portals showed that the risk management framework has a good theoretical basis but lacks clear and concise practical methodologies and tools for password loss risk assessment. Existing "password strength" tools have proved not to be efficient enough because of their limitations and basic implementation. The purpose of this master's thesis is to fill this gap and create a new method that incorporates the 3 main risk assessment steps: risk identification, risk calculation, and risk management. The new Method for Assessing the Risk of Password Leakage was created with a focus on several main password leakage risk factors: password strength, password reuse, multi-factor authentication, and the influence of social engineering and phishing. Using two datasets of user responses (younger individuals <25 and older individuals aged 25-45), a practical risk assessment was carried out for both cases. The results underline the importance of this topic: the data show medium-high password loss risk levels among individuals in both groups. Younger individuals tend to reuse passwords and do not update them frequently enough; a lack of cybersecurity knowledge is also among the risk factors. Older individuals aged 25-45, on the other hand, are more exposed to a lack of 2FA/MFA authentication.
The results of using this new method confirm the existing password loss risk problem among the current generation, which raises concern and shows the necessity of conducting future experiments with larger datasets.