HCI research published 10 years ago pointed out that many users cannot cope with the number and complexity of passwords, and resort to insecure workarounds as a consequence. We present a study which re-examined password policies and password practice in the workplace today. 32 staff members in two organisations kept a password diary for 1 week, which produced a sample of 196 passwords. The diary was followed by an interview which covered details of each password, in its context of use. We find that users are in general concerned to maintain security, but that existing security policies are too inflexible to match their capabilities, and the tasks and contexts in which they operate. As a result, these password policies can place demands on users which impact negatively on their productivity and, ultimately, that of the organisation. We conclude that, rather than focussing password policies on maximizing password strength and enforcing frequency alone, policies should be designed using HCI principles to help the user to set an appropriately strong password in a specific context of use.