User models: theory, method, and practice
International Journal of Man-Machine Studies
The diary study: a workplace-oriented research tool to guide laboratory efforts
CHI '93 Proceedings of the INTERACT '93 and CHI '93 Conference on Human Factors in Computing Systems
E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior
Proceedings of the 3rd ACM conference on Electronic Commerce
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
User Modeling in Human–Computer Interaction
User Modeling and User-Adapted Interaction
Why Information Security is Hard-An Economic Perspective
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A model for notification systems evaluation—assessing user goals for multitasking activity
ACM Transactions on Computer-Human Interaction (TOCHI)
ACM Transactions on Computer-Human Interaction (TOCHI)
The domino effect of password reuse
Communications of the ACM - Human-computer etiquette
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
Towards a composite modelling approach for multitasking
TAMODIA '04 Proceedings of the 3rd annual conference on Task models and diagrams
Privacy and Rationality in Individual Decision Making
IEEE Security and Privacy
When participants do the capturing: the role of media in diary studies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
PassPoints: design and longitudinal evaluation of a graphical password system
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Privacy practices of Internet users: self-reports versus observed behavior
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Password management strategies for online accounts
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Password security: an empirical study
Journal of Management Information Systems
The usability of passphrases for authentication: An empirical field study
International Journal of Human-Computer Studies
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Improving password security and memorability to protect personal and organizational information
International Journal of Human-Computer Studies
A framework for reasoning about the human in the loop
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Representations and user-developer interaction in cooperative analysis and design
Human-Computer Interaction
A Logical and Computational Theory of Located Resource
Journal of Logic and Computation
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
The true cost of unusable password policies: password use in the wild
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Semantics for structured systems modelling and simulation
Proceedings of the 3rd International ICST Conference on Simulation Tools and Techniques
Encountering stronger password requirements: user attitudes and behaviors
Proceedings of the Sixth Symposium on Usable Privacy and Security
Where do security policies come from?
Proceedings of the Sixth Symposium on Usable Privacy and Security
Proceedings of the 2010 workshop on New security paradigms
Of passwords and people: measuring the effect of password-composition policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Using and managing multiple passwords: A week to a view
Interacting with Computers
Interleaving tasks to improve performance: Users maximise the marginal rate of return
International Journal of Human-Computer Studies
| Hi-index | 0.00 |
To inform the design of security policy, task models of password behaviour were constructed for different user groups-Computer Scientists, Administrative Staff and Students. These models identified internal and external constraints on user behaviour and the goals for password use within each group. Data were drawn from interviews and diaries of password use. Analyses indicated password security positively correlated with the sensitivity of the task, differences in frequency of password use were related to password security and patterns of password reuse were related to knowledge of security. Modelling revealed Computer Scientists viewed information security as part of their tasks and passwords provided a way of completing their work. By contrast, Admin and Student groups viewed passwords as a cost incurred when accessing the primary task. Differences between the models were related to differences in password security and used to suggest six recommendations for security officers to consider when setting password policy.