Abstract
Password authentication remains the dominant form of user authentication for online systems. As such, from a user perspective, it is an approach that they are very much expected to understand and use. However, a survey of 246 users revealed that about one third chose weak passwords, including personal information or dictionary words. To prevent such forms of bad security behavior, service providers should offer support, but the reality of the situation suggests that tangible weaknesses can exist amongst both parties, and thus despite their long-recognised importance, good password practices have yet to become an established part of our security culture. An experimental study was conducted in order to investigate the effect of providing password guidance upon end users’ password choices. The findings revealed that the mere presentation of guidance (without any accompanying enforcement of good practice) had a significant effect upon the resulting password quality.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Furnell, S., Bär, N. (2013). Essential Lessons Still Not Learned? Examining the Password Practices of End-Users and Service Providers. In: Marinos, L., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2013. Lecture Notes in Computer Science, vol 8030. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39345-7_23
DOI: https://doi.org/10.1007/978-3-642-39345-7_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39344-0
Online ISBN: 978-3-642-39345-7
eBook Packages: Computer Science, Computer Science (R0)