User Behaviours Associated with Password Security and Management

Kay Bryant, John Campbell

Abstract


Control mechanisms established on the boundary of an information system are an important preliminary step to minimising losses from security breaches. The primary function of such controls is to restrict the use of information systems and resources to authorized users. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, the literature shows that passwords are often compromised through the poor security and management practices of users. This paper examines user password composition and security practices for email accounts. The results of a survey that examines user practice in creating and using passwords are reported. The results show that many users know about the risks of hackers, viruses and so on and take preliminary steps to combat them such as having passwords longer than eight characters. However, this appears to be as far as many users are willing to accede to the probability that their information and computing resources can be compromised. This paper makes some recommendations for the education of users in creating and maintaining their passwords. The responsibility for these educational programs can be shared between governments, organisations, educational institutions at all levels, and software vendors.

Keywords


behaviour; behavior; password; user

Full Text:

PDF


DOI: http://dx.doi.org/10.3127/ajis.v14i1.9

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Creative Commons License
ISSN: Online: 1326-2238 Hard copy: 1449-8618
This work is licensed under a Creative Commons Attribution-NonCommercial Licence. Uses the Open Journal Systems. Web design by TomW.