Introducing the Check-Off Password System (COPS): An Advancement in User Authentication Methods and Information Security
Merrill Warkentin (Mississippi State University, USA), Kimberly Davis (Mississippi State University, USA) and Ernst Bekkering (Mississippi State University, USA)
Copyright: © 2008
The objective of information system security management is information assurance: to maintain confidentiality (privacy), integrity, and availability of information resources for authorized organizational end users. User authentication is a foundation procedure in the overall pursuit of these objectives, and password procedures have historically been the primary method of user authentication. There is an inverse relationship between the level of security provided by a password procedure and ease of recall for users. The longer the password and the more variability in its characters, the higher the level of security provided by such a password (because they are more difficult to violate or “crack”). However, such passwords tend to be more difficult for end users to remember, particularly when the password does not spell a recognizable word (or includes non-alphanumeric characters such as punctuation marks or other symbols). Conversely, when end users select their own more easily remembered passwords, the passwords may also be easier to crack. This study presents a new approach to entering passwords, which combines a high level of security with easy recall for the end user. The Check-Off Password System (COPS) is more secure than self-selected passwords as well as high-protection, assigned-password procedures. The present study investigates trade-offs between using COPS and three traditional password procedures, and provides a preliminary assessment of the efficacy of COPS. The study offers evidence that COPS is a valid alternative to current user authentication systems. End users perceive all password procedures tested to have equal usefulness, but the perceived ease of use of COPS passwords equals that of an established high-security password, and the new interface does not negatively affect user performance compared with that high-security password. Further research will be conducted to investigate long-term benefits.