Password authentication from a human factors perspective: Results of a survey among end-users

Proceedings of the Human Factors and Ergonomics Society

Volumn 1, Issue , 2009, Pages 459-463

  Hoonakker, Peter ^a   Bornoe, Nis ^c   Carayon, Pascale ^a,b  

^a University of Wisconsin Madison   (United States)

^b UNIVERSITY OF WISCONSIN MADISON   (United States)

^c IT UNIVERSITY OF COPENHAGEN   (Denmark)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; ERGONOMICS; INFORMATION USE; NETWORK SECURITY; SURVEYS;

ACCESSIBLE INFORMATION; END USERS; PASSWORD AUTHENTICATION; PROBLEMS AND SOLUTIONS; QUESTIONNAIRE SURVEYS;

BEHAVIORAL RESEARCH;

EID: 77951550003     PISSN: 10711813     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1518/107118109x12524441081983     Document Type: Conference Paper

References (29)

1. Adams, A., & Sasse, M. A. (1999). Users are not the enemy. Communications of the ACM, 42(12), 41-46.
2. Bedford, M. A. (2006). RSA Security Research Shows Volume of Business Passwords Overwhelming End Users and Hindering IT Security Efforts. RSA Press Releases Retrieved May 26, 2009, from http://www.rsa.com/press-release.aspx?id= 7296
3. Brown, A. S., Bracken, E., Zoccoli, S., & Douglas, K. (2004). Generating and remembering passwords. Applied Cognitive Psychology, 18(6), 641-651.
4. Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: empirical evidence from the stock market. Journal of Computer Security, 11(3), 431.
5. Computer Security Institute (2007). 2007 CSI Computer Crime and Security Survey. San Francisco, CA: Computer Security Institute.
6. Cowan, N., Morey, C. C., Chen, Z., , Gilchrist, A. L., & Saults, J. S. (2008). Theory and measurement of working memory capacity limits. In B. H. Ross (Ed.), The Psychology of Learning and Motivation (Vol. 49, pp. 49-104). Amsterdam: Elsevier B.V.
7. D'Amico, A. D. D. (2000). What Does a Computer Security Breach Really Cost? Northport NY: Secure Decisions.
8. Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319-340.
9. Dhamija, R., & Perrig, A. (2000). Déjà vu: A user study using images for authentication. Paper presented at the 9th Conference on USENIX Security Symposium, Denver, CO.
10. Durrett, D. M. (2006). The Costs of Data Security Breaches and Identity Theft. Cary, NC: Covelight Systems.
11. Feldmeier, D. C., & Karn, P. R. (1989). UNIX Password Security - Ten Years Later. Computer Science, 435, 44-63.
12. Furnell, S. (2005). Why users cannot use security. Computers & Security, 24, 274-279.
13. Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Richardson, R. (2006). 2006 CSI/FBI Computer Crime and Security Survey (No.8). San Francisco, CA: Computer Security Institute.
14. Haber, R. N. (1970). How we remember what we see. Scientific American, 222(5), 104-112.
15. Hoonakker, P. L. T., Carayon, P., Deb, J., El Desoki, R., & Veeramani, R. (2008). The use of focus groups to examine human factors in computer and information security. In L. I. Sznelwar, F. L. Mascia & U. B. Montedo (Eds.), Human Factors in Organizational Design and Management - IX (pp. 377-382). Santa Monica, CA: IEA Press.
16. Horowitz, A. (2001). Top 10 Security Mistakes. Computerworld Retrieved Nov 13, 2008, from http://www.computerworld.com/securitytopics/security/story/0, 10801,61986,00.html
17. Ives, B., Walsh, K. R., & Schneider, H. (2004). The domino effect of password reuse. Communications of the ACM, 47(4), 75-78.
18. Klein, D. V. (1990). Foiling the cracker: a survey of, and improvements to, password security. Paper presented at the 2nd USENIX Workshop Security.
19. Kuo, C., Romanosky, S., & Cranor, L. F. (2006). Human Selection of Mnemonic Phrase-based Passwords. Paper presented at the Second symposium on Usable privacy and security, Pittsburgh, PE.
20. Mitnick, K. D., & Simon, W. L. (2002). The Art of Deception: Controlling the Human Element of Security. New York, NY: John Wiley & Sons.
21. Monahan, M. T. (2007). 2007 Identity Fraud Survey Report: Identity Fraud Is Dropping, Continued Vigilance Necessary. Pleasanton, CA: Javelin Strategy & Research.
22. Morris, R., & Thompson, K. (1979). Password Security: A Case History. Communications of the ACM, 22(11), 594-597. (Pubitemid 10431335)
23. O'Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE, 91(12), 2021-2040.
24. Ponemon Institute LLC (2006). 2006 Annual Study: Cost of a Data Breach. Elk Rapids, MI: Ponemon Institute LLC.
25. Renaud, K. V. (2005). Evaluating Authentication Mechanisms. In L. Cranor & S. Garfinkel (Eds.), Security and Usability.
26. Schneier, B. (2006). MySpace Passwords Aren't So Dumb. Wired Retrieved Nov 12, 2008, from http://www.wired.com/politics/security/commentary/ securitymatters/2006/12/72300
27. Shepard, R. N. (1967). Recognition memory for words, sentences, and pictures. Journal of Verbal Learning and Verbal Behavior, 6(1), 156-163.
28. Weir, C. S., Douglas, G., Carruthers, M., & Jack, M. (2009). User perceptions of security, convenience and usability for ebanking authentication tokens. Computers & Security, 28(1-2), 47-62.
29. Zhang, J., Luo, X., Akkaladevi, S., & Ziegelmayer, J. (2009). Improving multiple-password recall: an empirical study. Eur J Inf Syst, 00, 1-12.