 Okay, hi. Thank you for the great introduction. I've been working on offender's behavior and decision making for like more than seven years now and I will continue in the future. But today I wanted to talk about the protection of users. So because we will talk about passwords. So password best practices imply that the password is impossible to remember and that it is never written down. So the idea of protection behind passwords is an excellent idea. But like every technologies come with consequences and this solution seems to have been made more for computers than for humans because it's impossible for humans to just remember a list of a hundred passwords with strings of random characters. So I know that today we have solutions like password managers but most people don't use that yet. And we still need passwords to use this. So studies show that there is a difference in cybersecurity knowledge or literacy across the country. So there is a difference between the level of knowledge across the country and this is what I wanted to explore in this research project. Each year the company NordPass released a list of the 200 most common passwords by countries. The list of passwords is a compilation of cybersecurity incidents that happen in a year and it comes from data breaches so continuing users passwords. And the list is compiled is created from four terabytes of information so a lot of data breaches. And it includes well this year I don't know if it's the case for each year but this year 49 countries. So here is some more information about the list, the data that I use for this research. So the 200 most common password for each country comprises between 169,146 million users per country. This means that in some countries there is 146 million people who use the 200 same passwords. But it also means that in other countries there is a lot less people using the same 200 passwords and that is very good for them. Here the list contains the most common passwords not necessarily the worst password. So to determine how good is a password you can observe the cracking time. So when an attacker rob a list of username and passwords the information is usually encrypted and time to crack will be the time it takes to decrypt the information. So the average time to crack password is for in this sample is more than two million seconds. So it ranges from zero to three billion seconds. And here the mean time to crack is not a very good measure to understand the sample because it's very high and it's like everyone is very good at creating passwords but it's not the case. The vast majority of passwords included in the list can be cracking less than a minute. So the fact that the mean time to crack password is high is because there is some pretty good password in those 200 most common passwords. So a much more representative measure would be the median more than the mean. So which is if you order number like ascending numbers to with the cracking time you yeah. So right in the middle the median is like right in the middle you have the two second. That means that most people use like passwords that can be cracking less than two seconds. This leads to wonder which countries are the best and the worst in term of password performance. I base this calculation on the mean time to crack the maximum time to crack present in the list the number of users sharing the same password and the percentage of password that can be cracking less than a minute. So here is the list of the best country to be in this list the country has to be the best in two to three criteria that I just mentioned. The country with the little stars indicate that yes they were the best in two to three criteria but they were also come up they also come up as the worst in the top 10 words for one criteria. So they are not so good. Canada for example we are among the best for the maximum time to crack and for the mean time to crack nevertheless we are among the worst concerning the number of password that can be cracked in less than a minute. So this means that most people choose weak passwords and but a larger number of people when compared with other countries have better passwords habit because they use stronger passwords. Here is the list of the worst country in terms of password performance of course. So same thing here to be in this list you have to be the worst in two to four criteria that I presented and if there's a little star it's a little bit more positive here. So it indicates that this country also came out in the top 10 best for one criteria. So let's take the United States as an example. So they are the worst in all categories except for the mean time to crack. It means that some people have very very strong passwords and it increases the mean for the country. So in the United States some people have better password hygiene we can conclude that. So why do country do not have the same performance level in term of password choice? So this lead to the hypothesis that a characteristic of the countries contribute to the overall performance of password strength. So in other words which macro social variable predict the overall performance of a population in term of password strength that was my research question. So here is how I proceeded to answer this question. So in order to account for the strength of password I took into consideration the mean time to crack. Remember I said the mean time to crack was not a good criteria to understand the sample earlier I said that but now because we want to measure the we want to compare the countries overall now it's a very interesting measure to see to look at. And then several macro social variable have been considered to create a model explaining or predicting password strength. This was the goal of all this. So a total of 29 different measures have been considered in the exploration of possible models. Of course the model do not contain those 29 variables but here they are. So I try all that I look at all that is the list have been testing. So the list are the most recent data available coming from official sources like World Bank for example. And so this was too many variable to possibly enter in a model of course. So many tests have been done to for selecting those that would form the model the final prediction model. So one example of a test that I have done before starting to create the model is a matrix of correlation. So variable that correlates to I together would create a problem of multicollinearity for our prediction model. So we need to avoid that. So for example here the number of internet user was highly correlated with the level of digital adoption in a country. That makes sense right. So it would have been an error to put those two variables in the model. So we had to take one off. Same thing here political stability is correlated strongly with regulatory quality but also with control and corruption and with governance effectiveness and with a bunch of other variables. So it is an example of variable that is not interesting to put in the model. So you're following me. This helped me to select and try the different variable from the list. Then I use a multiple linear regression to build a model of prediction of password string. So I try a dozen different model to finally identify the variable that were in fact predicting password string. So after many tests I kept six variables from the list I previously showed you. So here I present them to you. So first voice and accountability. This is one of the six components of governance indicator as stipulated by the World Bank. So it reflects the perception of the extent to which a country citizen are able to participate in selecting their government as well as freedom of expression, freedom of association and freedom of press. That means in other words that it gives an idea of the overall liberty of the population. So let's see if this have a link with the password string. Then there's the global security index which is a trusted reference that measured the commitment of countries in the investment in cybersecurity. So do countries invest in cybersecurity and is this having an impact on password string? And then digital skills was my third variable. It represents the extent to which the active population possess sufficient digital skills and this includes computer skills, basic coding, digital readings or a bunch of things. Cyber security exposure index. It's based on data collected publicly available on publicly available source like on the dark web, on the deep web, on data breaches. So based on that we want to calculate the exposure of a country. So how many attacks did they suffer in a year? Then the literacy. The level of literacy among a population measures the percentage of adults in the population who are able to read and write in their own language. So a higher literacy rate is an indication of higher standard of education. So this was an interesting variable to put in the model. Finally, we tested the GDP per capita. So the gross domestic product. A population, it is a standard measures of the value created through the production of goods and services in the country during a certain period of time. As such, it also measured the income earned from that production or the total amount spent on final goods and services. So it is a variable that is strongly associated with all kind of aspect of technologies in country. So that's what we see in the literature. So it made a lot of sense to include that in the model. To see if it also correlate with password strength. So here is the result. I didn't put the boring table that goes with it. So the first four variable were predicting password behavior. So when it increases, password strength also increased. And the two last did not predict password strength. So let's explore each of those. So the popularity or the spread of internet in a country have been associated by researchers with a greater level of voice and accountability, which means the liberty of the population. A strong positive association have been shown between security capacity and voice and accountability in the literature. So this goes along with the result of our study because it was correlated with it. It was a good predictor of password strength. Researchers have shown that higher cybersecurity is related to a lower similarity between passwords inside the population and therefore better habits of selecting passwords. So to confirm this section of the literature, we use the global cybersecurity index, which measures the commitment and investments of the countries. And we found that countries' investment in cybersecurity predicts stronger passwords. So yes, investments in cybersecurity pays. The results show that the number of cybersecurity incidents in the country is positively associated with password strength. So the more a country is under attack and the more people use strong passwords. So that's very interesting because this suggests that people are sensible to the importance of protecting data with strong passwords when they are exposed to more cybersecurity incidents. The literature have documented that users are well aware of the meaning of a data breach. We have seen in the past that when a company will flag or indicate or notify a data breach, people like the market will go negatively for them, will go down for them. And we also see that after a data breach, most people in a study they were saying as much as 75% of people would change their password or switch the account. So people know that data breach is bad and they know that they have to modify their behavior and they seems to be doing it. And this goes along with all this literature literacy is an important aspect to consider from my perspective in this study as it is directly connected to the use of technologies. To seek, evaluate, use information found on the internet, readers must navigate to their reading process. If not, it's too complicated. So because being knowledgeable is closely related to the capacity to acquire knowledge, and that means knowing how to read, it was like people with low level of literacy would have a lot of problems to adapt and to learn. So it is not surprising the result is therefore when the level of literacy of a population increases, the strength of password increases. It makes a lot of sense. And then these two variables in the model were not predicting password strength, but I chose to show them to you because it was really interesting too, because we thought that it would correlate. So digital skills have been defined as the ability to use various digital technology or application. Digital skills have been shown to impact the variety of online behavior. However, our study points toward the fact that the digital skills is not a synonym of efficient use of protection. So we thought that it would go along, but it's not a good indicator. I also tested the GDP and you might wonder why, but the adoption of technology in a country have been proven to be impacted by many factors, including the economic growth of a population. So underdeveloped and developing countries have inferior infrastructure, less effective manpower and their business model did not, did not yet shift between the industrial age to the information age. So this result might be, sorry. The result of the study indicate that wealth disparity does not influence strong password. And this result might be explained by the sector in which developed country invest. Also past study have shown that countries need to acquire experience with IT before their investments start to pay. So if I want to summarize all this, there is this result say that benefiting from, from resources is not enough alone to explain or to be effective in for the use of technology and protection. So in this presentation, it's my last slide. In this presentation, we looked at the factor that most influence password strain, which offer new knowledge about passwords habits and various develop and developing country setting. The big conclusion is that yes, the environment of user is affecting their behavior and their choice of passwords. We, the result points are the importance of countries investment in cybersecurity. It also show that democracies help users to do better choice for password protection. This is probably due to the access of information. Also, there's a new hot subject in cybersecurity and you might have heard of, we talk a lot about resistance, resilience, sorry, about resilience of users. It's a new hot topic. And this is one of the conclusion of this study too. Users are resilient. We know that because the population that are victim of higher at level of, of data breaches will do better at choosing passwords. And finally, the general education presented through the level of literacy is a better indicator of password strain than, than specific digital skills. So user habit in a, in relation to cybersecurity is frequently examined from a micro perspective, using, for example, survey results to obtain impactful factors that that influence individual decision making. But our research differs by focusing on country specific factors. And those factors help determine users vulnerabilities at a macro level and might be useful for policy around cybersecurity. So that's it. Thank you.