1. Gabatarwa & Bayyani
Shigar da kalmar sirri ya ci gaba da zama babbar hanyar tsaro a rayuwar dijital, amma yana da cikas a tushe. Masu amfani suna da nauyin tunani mai yawa, suna sarrafa matsakaicin asusu 25 masu kalmar sirri kuma suna shigar da kalmomin sirri sau takwas a kowace rana. Duk da yaduwar sanin mafi kyawun ayyuka, raunin kalmomin sirri ya ci gaba, yana sa tsarin ya zama mai rauni ga zamba, dabarun zamantakewa, da hare-haren ƙarfi. Wannan binciken ya mai da hankali daga *ƙirƙira* kalmar sirri zuwa *fahimtar* kalmar sirri, yana bincika ko asalin mai amfani—musamman matakin iliminsa, sana'arsa, da ƙwarewar fasaha da ya ruwaito—yana rinjayar ikonsa na yin hukunci daidai game da ƙarfin kalmar sirri. Tsarin binciken ya ƙalubalanci zaton cewa masu amfani a asalinsu sun fahimci abin da ke tattare da kalmar sirri mai 'ƙarfi', wata gibi mai mahimmanci a cikin ilimin tsaro da ƙirar kayan aiki.
2. Hanyar Bincike
2.1 Ƙirar Bincike & Mahalarta
Binciken ya yi amfani da ƙirar tushen bincike tare da faffadan mahalarta. An gabatar da mahalarta da kalmomin sirri 50 da aka riga aka ƙirƙira kuma aka nemi su yiwa kowace lakabi da 'rauni' ko 'ƙarfi'. Ba a ba da mitocin ƙarfin kalmar sirri ba, don keɓance fahimtar asali. An tattara bayanan alƙaluma kan ilimi (misali, sakandare, digiri na farko, digiri), sana'a (IT da ba IT ba), da matakin ƙwarewar fasaha da aka tantance da kansa (misali, mai farawa, matsakaici, ƙwararre) ta hanyar bayar da rahoto da kansa.
2.2 Tattara Bayanai & Bincike
An haɗa ƙididdiga na yawan rarrabuwar 'rauni' da 'ƙarfi' don kowace ƙungiyar mahalarta. Babban kayan aikin bincike shine Gwajin Chi-square na 'Yanci ($\chi^2$), wanda aka yi amfani da shi don tantance ko akwai alaƙa mai mahimmanci a ƙididdiga tsakanin kowane ma'auni mai zaman kansa (ilimi, sana'a, ƙwarewa) da ma'aunin dogaro (mitar gano ƙarfin kalmar sirri).
3. Muhimman Bincike & Sakamako
Taƙaitaccen Sakamako Mai Muhimmanci
An Gano Alaƙa Mai Muhimmanci: Tsakanin ilimin mahalarta/sana'a da yawan gano kalmomin sirri masu rauni da masu ƙarfi.
Bambanci Mai Ban Mamaki: Ba a sami alaƙa mai mahimmanci tsakanin matakin ƙwarewar fasaha da gano kalmomin sirri masu ƙarfi ba.
3.1 Alaƙar Ƙididdiga
Gwaje-gwajen Chi-square sun bayyana alaƙa mai mahimmanci (p < 0.05) ga yawancin haɗuwar ma'auni. Wannan yana nuna cewa asalin ilimin mai amfani da fannin sana'arsa suna da alaƙa da yadda suke fahimtar ƙarfin kalmar sirri. Misali, mutanen da ke da ilimi mafi girma ko a cikin sana'o'in da suka shafi IT sun nuna nau'ikan hukunce-hukuncen daban-daban idan aka kwatanta da sauran.
3.2 Sabani na Ƙwarewar Fasaha
Binciken da ya fi saba wa hankali shi ne rashin alaƙa mai mahimmanci tsakanin ƙwarewar fasaha da aka ruwaito da kansa da ikon gano kalmomin sirri masu *ƙarfi*. Yayin da ƙwarewar fasaha ta yi daidai da gano kalmomin sirri masu *rauni*, bai ba da fa'ida a gane waɗanda da gaske suke da ƙarfi ba. Wannan yana fallasa babban aibi na dogaro ga tantancewar mai amfani da kansa ko ƙwarewar fasaha gabaɗaya don yin hukunci na tsaro.
4. Cikakkun Bayanai na Fasaha & Tsarin Bincike
4.1 Gwajin Chi-Square na 'Yanci
Binciken ya dogara ne akan gwajin Chi-square, wanda aka tsara shi kamar haka: $\chi^2 = \sum \frac{(O_i - E_i)^2}{E_i}$, inda $O_i$ shine mitar da aka lura (misali, adadin kiran 'ƙarfi' daga ƙwararrun IT) kuma $E_i$ shine mitar da ake tsammani idan babu alaƙa. Babban ƙimar $\chi^2$ idan aka kwatanta da matakan 'yanci yana nuna cewa ma'auni ba su da 'yanci.
4.2 Misalin Tsarin Bincike
Hali: Binciken Tasirin Sana'a
Mataki na 1: Ƙirƙiri tebur na gaggawa: Layuka = Sana'a (IT, Ba IT ba), Ginshiƙai = Hukunci (Daidai akan Kalmomin Sirri Masu Ƙarfi, Ba Daidai ba akan Kalmomin Sirri Masu Ƙarfi).
Mataki na 2: Lissafta mitocin da ake tsammani ba tare da alaƙa ba. Misali, IT-Daidai da ake tsammani = (Jimillar Layin IT * Jimillar Ginshiƙin Daidai) / Jimillar Gabaɗaya.
Mataki na 3: Lissafa $\chi^2$ ta amfani da dabarar da ke sama.
Mataki na 4: Kwatanta $\chi^2$ da aka lissafta zuwa ƙimar mahimmanci daga teburin rarraba $\chi^2$ tare da matakan 'yanci da suka dace (df = (layuka-1)*(ginshiƙai-1)). Idan aka lissafta > mahimmanci, ƙi hasashen rashin 'yanci.
5. Iyakoki & Tasiri
5.1 Iyakokin Bincike
- Karkatar da Kai da Kai: Bayanai kan ƙwarewa da sana'a sun dogara da gaskiyar mahalarta da fahimtar kai, wanda ƙila baya nuna iyawar haƙiƙa.
- Zato na Harshe & Ra'ayi: Binciken ya ɗauka cewa karatun Turanci da fahimtar asali na 'ƙarfin kalmar sirri', wanda ƙila ya keɓe ko kuma ya karkatar da wasu al'ummomi.
- Rashin Sarrafa Kayan Aiki: Binciken bai hana mahalarta yin amfani da masu duba kalmomin sirri na waje ba, ko da yake ƙirar tana nufin auna fahimtar asali.
5.2 Tasiri Mai Amfani
Sakamakon ya jaddada cewa ba za a iya ba da tsaron kalmar sirri ga hasashe na mai amfani ba. Ana buƙatar horon tsaro na duniya, tun ma ƙwararrun masu amfani na fasaha ƙila ba za su gane kalmomin sirri masu ƙarfi ba. Wannan yana goyan bayan wajibcin amintattun, mitocin ƙarfin kalmar sirri masu daidaito (sabanin waɗanda Carnavalet da Mannan suka gano ba su da daidaito) kuma yana tura labarin zuwa ga manufofin da tsarin ya tilasta da kuma amfani da Shigar da Abubuwa Da Yawa (MFA) marasa rauni ga zamba.
6. Ra'ayin Manazarcin: Cikakkiyar Fahimta & Zargi
Cikakkiyar Fahimta: Takardar ta ba da bugun ciki ga zaton masana'antar tsaro cewa masu amfani 'masu fasaha' masu aminci ne. Babban binciken da ta gano—cewa ƙwarewar fasaha ba ta taimaka maka gano kalmar sirri mai ƙarfi ba—wahayi ne. Ya tabbatar da cewa ƙarfin kalmar sirri ba ra'ayi ne na asali ba amma dabara ce da aka koya, kuma hanyoyinmu na yanzu na koyar da ita suna kasawa gaba ɗaya.
Matsala ta Hankali: Hankalin binciken yana da inganci: keɓance fahimta daga ƙirƙira, yi amfani da bayanan alƙaluma masu ƙarfi, da kuma amfani da ƙididdiga masu dacewa. Matsar daga "yadda masu amfani ke yin kalmomin sirri" (Ur et al., 2015) zuwa "yadda masu amfani ke yin hukunci kan kalmomin sirri" juzu'i ne mai wayo kuma mai mahimmanci. Ya gano daidai cewa sarkar tsaro ba ta karye kawai a lokacin ƙirƙira ba, amma a kowane mataki na gaba na tantancewa da sake amfani.
Ƙarfi & Kurakurai: Ƙarfin binciken shine tsarinsa bayyananne, mai mai da hankali da kuma ɗimbin mahalartansa na zamantakewa, wanda ke ba da nauyin binciken. Duk da haka, kurakuransa suna da mahimmanci kuma galibi sun yarda da kansu. Dogaro ga ƙwarewar fasaha da aka ruwaito da kansa shine dugadugan binciken; abin da mutane *suke tunanin* sun san game da tsaro sau da yawa ya rabu da gaskiya, kamar yadda nasarar zamba mara iyaka ta tabbatar. Rashin sarrafa kayan aiki na waje babban rami ne na hanyar bincike—a duniyar haƙiƙa, masu amfani *za su* yi amfani da Google.
Fahimta Mai Aiki: 1) Kashe Rashin Daidaituwar Ma'aunin Kalmar Sirri: Jagororin Shaidar Dijital na NIST (SP 800-63B) sun ƙi ƙa'idodin haɗaɗɗun abubuwa da sake saiti na tilas saboda dalili. Dole ne masana'antu su daidaita mitocin ƙarfi akan lissafin tushen ɓacin rai ($H = L * \log_2(N)$ don tsawon L da saitin alama N) kuma su daina ba da amincewa na ƙarya. 2) Ketare Hukuncin ɗan Adam Gaba ɗaya: Babban abin da za a ɗauka shi ne cewa dole ne mu tsara tsarin da zai iya jure wa mummunan hukuncin ɗan adam. Wannan yana nufin ƙaddamar da ƙa'idodin FIDO2/WebAuthn marasa kalmar sirri da ƙarfi da MFA maras rauni ga zamba (kamar waɗanda ƙungiyar FIDO ta goyi bayan), matsawa daga sirrin da masu amfani dole su yi hukunci zuwa ga tabbataccen sirri wanda ba za su iya ɓata ba. Makomar ba horar da masu amfani mafi kyau ba ce; gina tsarin inda laifuffukan fahimtarsu ba su da mahimmanci.
7. Aikace-aikace na Gaba & Jagororin Bincike
- UI/UX na Tsaro Mai Mai da Hankali kan Fahimta: Ƙirƙirar mu'amala da ke jagorantar fahimta daidai, ta amfani da dabarun daga ilimin halayyar ɗan adam, ba kawai mitoci masu tsayi ba.
- Horar da Tsaro Na Musamman Mai Gudanar da AI: Yin amfani da samfuran koyon injina don bincika takamaiman gibin fahimtar mai amfani (misali, ƙima ƙasa da ƙima akai-akai) da kuma ba da ra'ayi na musamman.
- Nazarin Tsakanin Al'adu: Bincika yadda fahimtar ƙarfin kalmar sirri ke bambanta a cikin harsuna, al'adu, da tsarin ilimi don ƙaddamar da ƙa'idodin ƙirar tsaro a duniya.
- Haɗawa da Masu Sarrafa Kalmar Sirri: Bincika yadda amfani da masu sarrafa kalmomin sirri ke canza fahimta da hukunci na ƙarfi, yana iya ɗaukar nauyin tunani daidai.
- Nazarin Tsawon Lokaci: Bin diddigin yadda fahimta ke canzawa bayan horo da aka yi niyya ko manyan keta tsaro don auna ingancin shisshigin ilimi.
8. Nassoshi
- Pittman, J. M., & Robinson, N. (ba a san ranar ba). Launuka na Fahimta: Abubuwan da Masu Amfani ke da su wajen Gano Ƙarfin Kalmar Sirri.
- Ur, B., et al. (2012). Yaya kalmar sirrinka ta auna? Tasirin mitocin ƙarfi akan ƙirƙirar kalmar sirri. Babban Taron Tsaro na USENIX.
- Ur, B., et al. (2015). "Na ƙara '!' a ƙarshen don sanya ta amintacce": Lura da ƙirƙirar kalmar sirri a cikin dakin gwaje-gwaje. SOUPS.
- Carnavalet, X. D. C., & Mannan, M. (2014). Babban Ƙimar Manyan Mitocin Ƙarfin Kalmar Sirri Masu Tasiri. Jaridar ACM kan Tsaro na Bayanai da Tsarin.
- Florencio, D., & Herley, C. (2007). Babban nazarin halayen kalmar sirri ta yanar gizo. Proceedings of the 16th international conference on World Wide Web.
- Cibiyar Ƙididdiga ta Ƙasa (NIST). (2017). Jagororin Shaidar Dijital (SP 800-63B).
- Ƙungiyar FIDO. (ba a san ranar ba). Ƙa'idodin FIDO2 & WebAuthn. An samo daga https://fidoalliance.org/fido2/