With the increasing daily reliance on electronic transactions, it is essential to have reliable security practices for individuals, businesses, and organizations to protect their information (Vu, Bhargav, & Proctor, 2003; Vu, Tai, Bhargav, Schultz, & Proctor, 2004). A paradigm shift is occurring as researchers are targeting social and human dimensions of information security, as this aspect is seen as an area where control can be exercised. Since computer security is largely dependent on the use of passwords to authenticate users of technology, the objectives of this chapter are to (a) provide a background on password authentication and information security, (b) provide a discussion on security techniques, human error in information security, human memory limitations, and password authentication in practice, and (c) provide a discussion on future and emerging trends in password authentication to include future research areas.
TopIntroduction
With the increasing daily reliance on electronic transactions, it is essential to have reliable security practices for individuals, businesses, and organizations to protect their information (Vu et al., 2003; Vu et al., 2004). A paradigm shift is occurring as researchers are targeting social and human dimensions of information security, as this aspect is seen as an area where control can be exercised. Since computer security is largely dependent on the use of passwords to authenticate users of technology, the mission of this chapter is to addresses the human and social aspects of password authentication (Wiedenbeck, Waters, Birget, Brodskiy, & Memon, 2005). Users are challenged to remember long and random passwords and therefore too often choose passwords that may have low security strength or be difficult to remember (Wiedenbeck et al., 2005; Yan, Blackwell, Anderson, & Grant, 2004). As the number of individuals using computers and networks has increased, so has the level of threat for security breaches against these computers and networks. Carnegie Mellon’s computer emergency response team (CERT) (2007) has collected statistics showing that six security incidents were reported in 1988 compared to 137, 529 in 2003. Furthermore, CERT (2007) reported that 171 vulnerabilities were reported in 1995 in comparison to 8,064 in 2006. In addition, the Federal Bureau of Investigation (FBI) conducted a survey in which 40% of organizations claimed that system penetrations from outside their organization had increased from the prior year by 25% (Ives, Walsh, & Schneider, 2004).
The rapid expansion in computing and networking has thus amplified the need to perpetually manage information security within an organization. Events such as 9/11 and the war on terrorism have also underscored an increased need for vigilance regarding information security. Organizations, government, and private industry are currently trying to adjust to the burden of this heightened need for information security, and, as an example of this, the U.S. Department of Homeland Security (2002) has focused particular efforts on ensuring information security. In light of the current context of universal computing and the realistic threats that exist to organizations’ information systems, there is a strong need for more research in the field of information security. The main objectives of this chapter are to (a) provide a background on password authentication and information security, (b) provide a discussion on the main thrust of the chapter, human and social aspects of password authentication, which include the topics of security techniques, human error in information security, human memory limitations, and password authentication in practice, and (c) provide a discussion on future and emerging trends in password authentication to include future research areas and concluding remarks in the area of human and social aspects of password authentication.