Passwords and Perceptions
Notoatmodjo, G. and Thomborson, C.
The security of many computer systems hinges on the
secrecy of a single word: if an adversary obtains
knowledge of a password, they will gain access to the
resources controlled by this password. Human users are
the 'weakest link' in password control, due to our
propensity to reuse passwords and to create weak ones.
Policies which forbid such unsafe password practices are
often violated, even if these policies are well-advertised.
We have studied how users perceive their accounts
and their passwords. Our participants mentally classified
their accounts and passwords into a few groups, based on
a small number of perceived similarities. Our participants
used stronger passwords, and reused passwords less, in
account groups which they considered more important.
Our participants thus demonstrated awareness of the basic
tenets of password safety, but they did not behave safely
in all respects. Almost half of our participants reused at
least one of the passwords in their high-importance
accounts. Our findings add to the body of evidence that a
typical computer user suffers from 'password overload'.
Our concepts of password and account grouping point the
way toward more intuitive user interfaces for password- and
account-management systems.
Cite as: Notoatmodjo, G. and Thomborson, C. (2009). Passwords and Perceptions. In Proc. Seventh Australasian Information Security Conference (AISC 2009), Wellington, New Zealand. CRPIT, 98. Brankovic, L. and Susilo, W., Eds. ACS. 71-78.