The psychology of password management: A tradeoff between security and convenience

Behaviour and Information Technology

Volumn 29, Issue 3, 2010, Pages 233-244

  Tam, L ^a   Glassman, M ^a   Vandenwauver, M ^b  

^a OLD DOMINION UNIVERSITY   (United States)

^b IBM   (United States)

Author keywords

Internet security; Motivation; Password management; Password security; User management

Indexed keywords

INTERNET SECURITY; MANAGEMENT PRACTICES; ON-LINE BANKING; PASSWORD MANAGEMENT; PASSWORD SECURITY; PASSWORD SELECTION; TECHNOLOGICAL ADVANCES; TIME FRAME; USER MANAGEMENT;

INTERNET; MOTIVATION;

MANAGEMENT;

EID: 77951996290     PISSN: 0144929X     EISSN: 13623001     Source Type: Journal    
DOI: 10.1080/01449290903121386     Document Type: Article

References (32)

1. Anderson, K. B., 2006. Who are the victims of identity theft? The effect of demographics. Journal of Public Policy and Marketing, 25 (2), 160-171.
2. Anderson, R. and Moore, T., 2006. The economics of information security. Science, 314, 610-613.
3. Ashley, P. and Vandenwauver, M., 1999. Practical Intranet Security: Overview of the State of the Art and Available Technologies. Boston, MA: Kluwer Academic.
4. Baron, R. and Kenny, D., 1986. The moderator-mediator variable distinction in social psychological research: conceptual, strategic, and statistical considerations. Journal of Personality and Social Psychology, 51 (6), 1173-1182.
5. Bishop, M., 1991. Password management. COMPCON 1991 Proceedings, 167-169.
6. Bresz, F. P., 2004. People - often the weakest link in security, but one of the best places to start: without awareness and training, security compliance is not possible. Journal of Health Care Compliance, 6 (4), 57-61.
7. Bresz, F. P. and Villacres, C., 2004. Controlling authentication in a health care environment: multi-factor mechanisms may be one option for your organization. Journal of Health Care Compliance, 6 (6), 52-54.
8. Bryant, K. and Campbell, J., 2006. User behaviours associated with password security and management. Australasian Journal of Information System, 14 (1), 81-100.
9. Campbell, J., et al., 2007. Unrealistic optimism in internet events. Computers in Human Behaviour, 23, 1273-1284.
10. Conklin, A., Dietrich, G., and Walz, D., 2004. Passwordbased authentication: a system perspective. In: Proceedings of the 37th Hawaii International Conference on System Sciences, 1-10.
11. Evers, J., 2006. Security expert: user education is pointless. CNet News [Online]. Available from: http://news.com. com/2102-7350-3-6125213.html
12. Eyal, T., et al., 2004. The pros and cons of temporally near and distant action. Journal of Personality and Social Psychology, 86 (6), 781-795.
13. Featherman, M. S., Valacich, J. S., and Wells, J. D., 2006. Is that authentic or artificial? Understanding consumer perceptions of risk in e-service encounters. Information Systems Journal, 16, 107-134.
14. Furnell, S., Jusoh, A., and Katsabas, D., 2006. The challenges of understanding and using security: a survey of end-users. Computers & Security, 25, 27-35.
15. Gaw, S. and Felten, E. W., 2006. Password management strategies for online accounts. In: Symposium on Usable Privacy and Security (SOUPS), July 12-14, Pittsburgh, PA, USA.
16. Gehringer, E., 2002. Choosing passwords: security and human factors. 2002 International Symposium on Technology and Society, 369-373.
17. Harrison, W., 2006. From the editor: passwords and passion. IEEE Software, July/Aug. 5-7.
18. Keith, M., Shao, B., and Steinbart, P. J., 2007. The usability of passphrases for authentication: an empirical field study. International Journal of Human-Computer Studies, 65 (1), 17-28.
19. Millman, R., 2006. Four in ten security staffers write down passwords. SC Magazine, June 13.
20. Naraine, R., 2006. Googling for ATM masters passwords. eWeek.com, 21 Sept.
21. Neumann, P., 1994. Risks of passwords. Communications of the ACM, 37 (4), 126.
22. Powell, J., 2006. How security breaches impact your brand. Enterprise Systems, 31 Oct.
23. Schneier, B., 2006. Beyond fear: thinking sensibly about security in an uncertain world. New York: Springer Science+Business Media, LLC.
24. Schneier, B., 2007a. Secure passwords keep you safer [Online]. Available from: www.wired.com/news/columns/1, 72458-0.html
25. Schneier, B., 2007b. The psychology of security [Online]. Available from: http://www.schneier.com/essay-155.html [Accessed 18 January 2008].
26. Stanton, J., et al., 2005. Analysis of end user security behaviors. Computers & Security, 24, 124-133.
27. Tari, F., Ozok, A., and Holden, S., 2006. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of SOUPS 2006 Symposium on Usable Privacy and Security, 56-66.
28. Trope, Y. and Liberman, N., 2003. Temporal construal. Psychological Review, 110 (3), 403-421.
29. Weiss, T., 2007. Study: weak passwords really do help hackers. Computerworld, 7 February.
30. Wilson, T., 2006. It's the people, stupid [Online]. Available from: http://www.darkreading.com/document.asp?doc-id=108163 [Accessed 24 October 2006].
31. Wood, W., Tam, L., and Witt, M., 2005. Changing circumstances, disrupting habits. Journal of Personality and Social Psychology, 88 (6), 918-933.
32. Yenisey, M., Ozok, A., and Salvendy, G., 2005. Perceived security determinants in e-commerce among Turkish university students. Behaviour & Information Technology, 24 (4), 259-274.