An Evaluation of User Password Practice

An Evaluation of User Password Practice

John Campbell (University of Canberra, Australia) and Kay Bryant (University of Canberra, Australia)
DOI: 10.4018/978-1-4666-2136-7.ch047
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Maintaining the security of information systems and associated data resources is vital if an organization is to minimize losses. Access controls are the first line of defense in this process. The primary function of authentication controls is to ensure that only authorized users have access to information systems and electronic resources. Password-based systems remain the predominant means of user authentication despite viable authentication alternatives. Research suggests that password-based systems are often compromised by poor user security practices. This chapter presents the results of a survey of 884 computer users that examines user practice in creating and reusing password keys, and reports the findings on user password composition and security practices for email accounts. Despite a greater awareness of security issues, the results show that many users still select and reuse weak passwords keys that are based on dictionary words and other meaningful information.
Chapter Preview
Top

A Survey Of Email Password Security

Remembering unique passwords for different systems and applications is difficult in practice and it is therefore no surprise that many users select dictionary words, personal names or other meaningful information as the basis for their passwords. For similar reasons users frequently select the same password for multiple accounts (Ives, Walsh, & Schneider., 2004). Password reuse can compromise the security of all of the password systems that a user might access. Cognitive limitations mean that many users will choose easy to remember passwords that are based on some meaningful combination of names and/or numbers (Brown, Bracken, Zoccoli, & Douglas, 2004). If the security of one system is breached, then all other password-based systems may become vulnerable.

Complete Chapter List

Search this Book:
Reset