The article presents a comprehensive study of current password policy issues in modern information and communication systems. It is substantiated that in the face of rapid computer technology development and the growing computing capabilities of cyber adversaries, traditional authentication methods require a significant overhaul. The authors identify key shortcomings of existing approaches, including the use of outdated hashing algorithms, the complexity of implementing multi-factor authentication (MFA) across all workstations, and the critical impact of the human factor (password reuse, storing credentials in plaintext). Particular attention is paid to the analysis of password entropy as the primary indicator of resistance to brute-force attacks. The paper provides a classification of entropy levels based on the sensitivity of the protected information: from 40–64 bits for public data to over 112–128 bits for critical infrastructure objects and restricted access information. The authors demonstrate that the use of modern graphics processing units (e.g., NVIDIA RTX 4090) allows attackers to crack weak passwords (based on MD5 or SHA-1) in mere minutes, making the transition to long and complex password combinations vital for security. It is proven that meeting the requirements of modern password policies is practically impossible for the average user without the use of specialized software. In this regard, the functional capabilities and security architecture of leading password managers – 1Password, Bitwarden, and LastPass – are analyzed in detail. Their encryption algorithms (AES-256, Argon2id, PBKDF2) and the "zero-knowledge" concept, which guarantees that only the master password holder can access the data, are thoroughly examined. The article proposes recommendations for selecting the optimal password length depending on the character set used to achieve target entropy indicators. 
The authors emphasize that the implementation of automated password management tools combined with multi-factor authentication is a fundamental condition for strengthening national security and increasing the cyber resilience of information and communication systems of state organizations and institutions.
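The length-versus-character-set calculation the abstract refers to, as an added example (not the authors' code): the character sets and function names are assumptions, and the 40, 64, 112 and 128-bit targets are the tier bounds quoted above. The bit counts hold only when every symbol is drawn uniformly at random, as a password manager's generator does; a human-chosen password of the same length carries less entropy.

```python
import math
import secrets
import string

# Illustrative character sets (assumed; the abstract does not enumerate them).
CHARSETS = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "alphanumeric": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}
# Tier bounds quoted in the abstract, in bits.
TARGET_BITS = (40, 64, 112, 128)


def min_length(alphabet_size: int, target_bits: int) -> int:
    """Smallest L with alphabet_size**L >= 2**target_bits, using exact integers."""
    if alphabet_size < 2 or target_bits < 0:
        raise ValueError("need at least 2 symbols and a non-negative target")
    length, space = 0, 1
    while space < (1 << target_bits):  # avoids float rounding at exact boundaries
        space *= alphabet_size
        length += 1
    return length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: L * log2(N)."""
    return length * math.log2(alphabet_size)


def generate(alphabet: str, target_bits: int) -> str:
    """Random password that reaches target_bits, drawn with a CSPRNG."""
    symbols = sorted(set(alphabet))  # duplicates would overstate the alphabet size
    n = min_length(len(symbols), target_bits)
    return "".join(secrets.choice(symbols) for _ in range(n))


def length_table() -> dict:
    """Minimum length per character set for each target entropy."""
    return {name: {b: min_length(len(set(cs)), b) for b in TARGET_BITS}
            for name, cs in CHARSETS.items()}


if __name__ == "__main__":
    for name, row in length_table().items():
        print(f"{name:13}", "  ".join(f"{b} bits: {n}" for b, n in row.items()))
    print(generate(CHARSETS["printable"], 128))
```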