While passwords have served the purpose of authentication throughout human history, text passwords have dominated human-computer authentication since the 1960s. In effort to assess the potential effectiveness of passwords in preventing the development and progression of cyber-dependent crimes, we searched in six major academic search engines for studies published between the years 2000-2016 using experimental or quasi-experimental research designs. Our findings suggest that there is no empirical consensus regarding the actual level of security achieved by the implementation of passwords in terms of preventing the occurrence and development of cyber-dependent crimes. Overall, password security research has taken two main approaches. Under the first approach, scholars have employed a range of technical tools to crack different types of passwords. While some of these studies report a very high success rate in breaking passwords, most prior research in this area reported password cracking success rates between 20%-50%. The second approach for the study of passwords assesses how different semantic and structural elements of a password determine its guessing resistance. However, we could not find any empirical research that assesses the effectiveness of passwords in preventing the development and progression of hacking incidents, malware infections, and DDoS attacks.
Maimon, David, "Existing Evidence for the Effectiveness of Passwords in Preventing Cyber Crime Incidents" (2019). EBCS Tools. 2.