A strategy for increasing user acceptance of authentication systems: Insights from an empirical study of user preferences and performance

International Journal of Business and Systems Research

Volumn 2, Issue 4, 2008, Pages 343-364

  Ozok, A A ^a   Holden, S ^b  

^a UNIVERSITY OF MARYLAND BALTIMORE COUNTY   (United States)

^b SRA Touchstone Consulting Group   (United States)

Author keywords

Authentication systems; Graphical authentication; Organisational strategy; Performance; User acceptance; User preferences

Indexed keywords

EID: 73149103987     PISSN: 1751200X     EISSN: 17512018     Source Type: Journal    
DOI: 10.1504/IJBSR.2008.020763     Document Type: Article

References (39)

1. Adams, A. and Sasse, M.A. (1999) 'Users are not the enemy: why users compromise computer security mechanisms and how to take remedial measures', Communications of the ACM, Vol. 42, pp.41-46.
2. Balfanz, D., Durfee, G., Grinter, R. and Smetters, D.K. (2004) 'In search of usable security: five lessons from the field', IEEE Privacy and Security, Vol. 2(5), pp.19-24.
3. Bishop, M. (2005) 'Psychological acceptability revisited', in L.F. Cranor and S. Garfinkel (Eds), Security and Usability: Designing Secure Systems that People can Use (pp.1-11). Sebastopol, CA: O' Reilly Media, Inc.
4. Brostoff, S. and Sasse, A. (2000) 'Are Passfaces more usable than passwords? A field trial investigation', Paper presented at the People and Computers XIV-Usability or Else! Proceedings of HCI 2000, Sunderland University.
5. Chuang, T., Nakatani, K., Chen, J. and Huang, I. (2007) 'Examining the impact of organisational and owner's characteristics on the extent of e-commerce adoption in SMEs', Int. J. Business and Systems Research, Vol. 1, pp.61-80.
6. Computer Science and Telecommunications Board (2002) IDs-Not That Easy: Questions about Nationwide Identity Systems. Washington, DC: National Academy Press.
7. Cranor, L.F. and Garfinkel, S. (2004) 'Secure or usable?', IEEE Privacy and Security, Vol. 2, pp.16-18.
8. Cronbach, L.J. (1990) Essentials of Psychological Testing. New York: Harper Collins Publishing.
9. Davis, D., Monrose, F. and Reiter, M. (2004) 'On user choice in graphical password schemes', Paper presented at the 13th Usenix Security Symposium, San Diego, CA.
10. De Angeli, A., Coventry, L., Johnson, G. and Renaud, K. (2005) 'Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems', Int. J. Human-Computer Studies, Vol. 63, pp.128-152.
11. Department of Defense Computer Security Center (1985) Department of Defense Password Management Guideline (CSC-STD-002-85). Washington, DC: Department of Defense.
12. Dhamija, R. and Perrig, A. (2000) 'Deja Vu: a user study. Using images for authentication', Paper presented at the 9th USENIX Security Symposium.
13. Dillman, D.A. (2000) Mail and Internet Surveys: The Tailored Design Method, 2nd ed. New York: John Wiley and Sons, Inc.
14. Furnell, S.M., Jusoh, A. and Katsabas, D. (2006) 'The challenges of understanding and using security: a survey of end-users', Computers and Security, Vol. 25, pp.27-35.
15. Hackman, J.R. and Oldham, G.R. (1980) Work Redesign (Organization Development). Upper Saddle River, NJ: Prentice Hall.
16. Hinds, C. and Ekwueme, C. (2007) 'Increasing security and usability of computer systems with graphical passwords', Proceedings of the 45th ACM Southeast Regional Conference 2007, March 23-27, Winston-Salem, North Carolina, USA, pp.529-530.
17. Ives, B., Walsh, K.R. and Schneider, H. (2004) 'The domino effect of password reuse', Communications of the ACM, Vol. 47, pp.75-78.
18. Jermyn, I., Mayer, A., Monrose, F., Reiter, M. and Rubin, A. (1999) 'The design and analysis of graphical passwords', Paper presented at the 8th USENIX Security Symposium, Washington, DC.
19. Keith, M., Shao, B. and Steinbart, P.J. (2007) 'The usability of passphrases for authentication: an empirical field study', Int. J. Human-Computer Studies, Vol. 65, pp.17-28.
20. Lin, H.X., Choong, Y.Y. and Salvendy, G. (1997) 'A proposed index of usability: a method for comparing the relative usability of different software systems', Behaviour and Information Technology, Vol. 16, pp.267-277.
21. Martrinko, M.J., Henry, J.W. and Zmud, R.W. (1996) 'An attributional explanation of individual resistance to the introduction of information technologies in the workplace', Behavior and Information Technology, Vol. 15, pp.313-330.
22. Medsker, G.L. and Campion, M.A. (1997) 'Job and team design', in G. Salvendy (Ed.), Handbook of Human Factors and Engineering, 2nd ed. (pp.450-489). New York: John Wiley and Sons, Inc.
23. Millar, B. (1994) 'Vital signs of identity', IEEE Spectrum, Vol. 31, pp.22-28.
24. Miller, G.A. (1956) 'The magical number seven, plus or minus two: some limits on our capacity for processing information', The Psychological Review, Vol. 63, pp.81-97.
25. Moncur, W. and Leplatre, G. (2007) 'Pictures at the ATM: exploring the usability of multiple graphical passwords', Proceedings of CHI 2007 Conference on Human Factors in Computing Systems, April 28-May 3, San Jose, California, pp.887-894.
26. Ozok, A.A. and Salvendy, G. (2001) 'How consistent is your web design?', Behavior and Information Technology, Vol. 20, pp.433-447.
27. Rantanen, H., Leva, K. and Pekkola, S. (2007) 'Performance measurement implementation in a knowledge-based public organisation', Int. J. Business and Systems Research, Vol. 1, pp.343-353.
28. Real User Corporation. (2005) 'How the Passface™ system works', retrieved 18 February 2005 from: http://www/realuser.com/technology/about- passfaces.htm
29. Saltzer, J.H. and Schroeder, M.D. (1975) 'The protection of information in computer systems', Proceedings of the IEEE, Vol. 63, pp.1278-1308.
30. Sasse, M.A., Brostoff, S. and Weirich, D. (2001) 'Transforming the 'weakest link'-a human/computer interaction approach to usable and effective security', BT Technology Journal, Vol. 19, pp.122-131.
31. Schultz, E.E. (2007) 'Research on usability in information security', Computer Fraud and Security, Vol. 6, pp.8-10.
32. Schultz, E.E., Proctor, R.W., Lien, M.-C. and Salvendy, G. (2001) 'Usability and security: an appraisal of usability issues in information security methods', Computers and Security, Vol. 20, pp.620-634.
33. Wei, J. and Salvendy, G. (2001) 'Development and validation of the purdue cognitive job analysis methodology', Int. J. Cognitive Ergonomics, Vol. 4, pp.277-296.
34. Weinshall, D. and Kirkpatrick, S. (2004) 'Passwords you'll never forget, but can't recall', Paper presented at the ACM Conference on Computer Human Interaction (CHI), Vienna, Austria, April 24-29.
35. Whitten, A. and Tygar, J.D. (1999) 'Why Johnny can't encrypt: a usability evaluation of pgp 5.0', Paper presented at the 8th Usenix Security Symposium, Washington, DC.
36. Witty, R.J. (2005) Bank of America Implements Simplified Single Sign-On (no. G00123465). Stamford, CT: Gartner, Inc.
37. Witty, R.J. and Brittain, K. (2004) Automated Password Reset can Cut it Service Desk Costs (no. G00123531). Stamford, CT: Gartner, Inc.
38. Yan, J., Blackwell, A., Anderson, R. and Grant, A. (2004) 'Password memorability and security: empirical results', IEEE Privacy and Security, Vol. 2, pp.25-31.
39. Yenisey, M.M., Ozok, A.A. and Salvendy, G. (2005) 'Perceived security factors in e-commerce among Turkish university students', Behaviour and Information Technology, Vol. 24, pp.259-274.