A TAM Analysis of an Alternative High-Security User Authentication Procedure
Merrill Warkentin (Mississippi State University, USA), Kimberly Davis (Mississippi State University, USA) and Ernst Bekkering (Northeastern State University, USA)
Copyright: © 2005
The objective of information system security management is information assurance, which means to maintain confidentiality (privacy), integrity, and availability of information resources for authorized organizational end users. User authentication is a foundation procedure in the overall pursuit of these objectives, and password procedures historically have been the primary method of user authentication. There is an inverse relationship between the level of security provided by a password procedure and ease of recall for users. The longer the password and the more variability in its characters, the higher the level of security is that is provided by the password, because it is more difficult to violate or crack. However, such a password tends to be more difficult for an end user to remember, particularly when the password does not spell a recognizable word or when it includes non-alphanumeric characters such as punctuation marks or other symbols. Conversely, when end users select their own more easily remembered passwords, the passwords also may be cracked more easily. This study presents a new approach to entering passwords that combines a high level of security with easy recall for the end user. The Check-Off Password System (COPS) is more secure than self-selected passwords and high-protection, assigned-password procedures. The present study investigates tradeoffs between using COPS and three traditional password procedures, and provides a preliminary assessment of the efficacy of COPS. The study offers evidence that COPS is a valid alternative to current user authentication systems. End users perceive all tested password procedures to have equal usefulness, but the perceived ease of use of COPS passwords equals that of an established high-security password, and the new interface does not negatively affect user performance compared to a high-security password. Further research will be conducted to investigate long-term benefits.