Essential lessons still not learned? Examining the password practices of end-users and service providers
Document Type
Conference Proceeding
Publisher
Springer
Faculty
Faculty of Health, Engineering and Science
School
ECU Security Research Institute
RAS ID
15994
Abstract
Password authentication remains the dominant form of user authentication for online systems. As such, from a user perspective, it is an approach that they are very much expected to understand and use. However, a survey of 246 users revealed that about one third chose weak passwords, including personal information or dictionary words. To prevent such forms of bad security behavior, service providers should offer support, but the reality of the situation suggests that tangible weaknesses can exist amongst both parties, and thus despite their long-recognised importance, good password practices have yet to become an established part of our security culture. An experimental study was conducted in order to investigate the effect of providing password guidance upon end users' password choices. The findings revealed that the mere presentation of guidance (without any accompanying enforcement of good practice) had a significant effect upon the resulting password quality.
DOI
10.1007/978-3-642-39345-7-23
Comments
Furnell, S. , & Bar, N. (2013). Essential Lessons Still Not Learned? Examining the Password Practices of End-Users and Service Providers . In Human aspects of information security, privacy, and trust first International Conference, HAS 2013, held as part of HCI International 2013, Las Vegas, NV, USA, July 21-26, 2013. Proceedings (pp. 217-225). Berlin, Germany: Springer. Available here