IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.4, April 2010

Survey on Awareness and Security Issues in Password Management Strategies

D. Santhi Jeslet¹, G. Sivaraman², M. Uma³, Dr. K. Thangadurai⁴, Dr. M. Punithavalli⁵

¹&² Department of Computer Science, M.G.R. College, Hosur, TN, India
³ Research scholar, Dravidian University, Kuppam, AP, India
⁴ Department of Computer Science, Government Arts College (Men), Krishnagiri - 635 001, India
⁵ Director, Sri Ramakrishna College of Arts & Science for Women, Coimbatore - 641 044, India

Abstract
Any communication via the Internet travels across unsecured channels. This gives rise to security breaches, so user identification and authentication are needed to overcome them. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged. However, this survey shows that passwords are often compromised through the poor security and management practices of users. This paper also concentrates on user password composition and security practices for email accounts. The results of a survey that examines user practice in creating and using passwords are reported. Toward the end of this paper, we give some recommendations for educating users in creating and maintaining their passwords.

Keywords: Password management, security, user authentication, password composition and management.

1. Introduction
Computers and information systems dominate our modern world. The Internet is the technology that provides access to widespread computing and communication networks. Any communication via the Internet travels across unsecured channels. This gives rise to security breaches. User identification and authentication, along with encryption key distribution, is one of the important functions provided by communication network services.
Specialized software and hardware such as firewalls are used to implement basic access control. Users make themselves known to the system through a unique identifier such as a name or an account number. Once the access control mechanism establishes that the user is a valid user, authentication of that user is undertaken. The first step in minimizing loss of information is to establish security on the boundary of a system. Access controls are the usual type of security control implemented on the boundary of a system [5]. The main function of these controls is to restrict the use of the system and its resources to authorized users. Apart from this, they limit the types of actions that authorized users can perform.

Users can be authenticated by any one of the following approaches [6]: a smart card or other token; a fingerprint, retinal image, voice or facial pattern; or a password or PIN. Each approach has its own advantages and flaws. Regardless of the approach selected by the organization, there is a trade-off between the value of the resources and the effectiveness and cost of implementing and maintaining it.

Even though significant advances have been made in graphics-based approaches, the password remains the most common approach for authenticating a user. In spite of their weaknesses, password-based systems prevail because they can provide effective protection if they are used correctly. They are also simple for both system designers and end users. End users often compromise password security by forgetting passwords, writing them down somewhere, sharing them with other people and selecting easily guessed words. Research has shown that users are one of the main risks to the effectiveness of security measures designed to counter information system threats [4]. Users are vulnerable to security threats because many do not have adequate knowledge to recognize the risks or to implement appropriate protection mechanisms.
This study focuses on password issues by examining the behavior of users when creating and managing passwords. This paper also outlines the major problems associated with password-based authentication systems.

Manuscript received April 5, 2010
Manuscript revised April 20, 2010