The true cost of unusable password policies: Password use in the wild

Conference on Human Factors in Computing Systems - Proceedings

Volumn 1, Issue , 2010, Pages 383-392

  Inglesant, Philip G ^a   Sasse, M Angela ^a  

^a UNIVERSITY COLLEGE LONDON   (United Kingdom)

Author keywords

password policy; passwords; usable security

Indexed keywords

CONTEXT OF USE; PASSWORD STRENGTH; SECURITY POLICY; STAFF MEMBERS; STRONG PASSWORD; USABLE SECURITY;

HUMAN ENGINEERING;

EID: 77953963809     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1753326.1753384     Document Type: Conference Paper

References (23)

1. Adams, A. and Sasse, M.A. Users Are Not The Enemy. Communications of the ACM 42, 12 (December 1999), 41-46.
2. Allan, A. Passwords Are Near the Breaking Point: Gartner Research Note (2004) http://www.indevis.de/dokumente/gartner-passwords-breakpoint.pdf.
3. Beautement, A., Sasse, M.A., and Wonham, M. The Compliance Budget: Managing Security Behaviour in Organisations. In Proc. NSPW 2008, ACM Press (2009), 47-58.
4. Brostoff, S. and Sasse, M.A. Safe and Sound: A Safety- Critical Approach to Security. In Proc. NSPW 2001 (2001), 41-50.
5. Brown, B.A.T., Sellen, A.J., and O'Hara, K.P. A Diary Study of Information Capture in Working Life. In Proc. CHI 2000, ACM Press (2000), 438-445.
6. Charmaz, K. Constructing Grounded Theory: A Practical Guide Through Qualitative Analysis, SAGE Publications, London, UK, 2006.
7. Dourish, P., Grinter, R.E., Delgado de la Flor, J., and Joseph, M. Security in the wild: user strategies for managing security as an everyday, practical problem. Personal and Ubiquitous Computing 8, 6 (2004), 391-401.
8. Electric Alchemy Cracking Passwords in the Cloud: Insights on Password Policies http://news.electricalchemy.net/2009/10/password-cracking- in-cloud-part-5.html.
9. Federal Information Processing Standards Publication 112: Password Usage (Withdrawn February 2008) (1985) http://www.itl.nist.gov/fipspubs/fip112.htm.
10. Florêncio, D. and Herley, C.A. Large-Scale Study of Web Password Habits. In Proc. WWW 2007, ACM Press (2007), 657-666.
11. Florêncio, D., Herley, C., and Coskun, B. Do Strong Web Passwords Accomplish Anything? In Proc. HotSec 07, USENIX Association (2007), Article No. 10.
12. Herley, C. So Long and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. In NSPW 2009.
13. Morris, R. and Thompson, K. Password security: a case history. Communications of the ACM 22, 11 (November 1979), 594-597. (Pubitemid 10431335)
14. National Institute of Science and Technology NIST Special Publication 800-118: Guide to Enterprise Password Management (Draft): Recommendations of the National Institute of Standards and Technology (2009). http://csrc.nist.gov/ publications/drafts/800- 118/draft-sp800-118.pdf.
15. Palen, L. and Salzman, M. Voice-Mail Diary Studies for Naturalistic Data Capture under Mobile Conditions. In Proc. CSCW 2002, ACM Press (2002), 87-95.
16. Sasse, M.A., Brostoff, S., and Weirich, D. Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technology Journal 19, 3 (July 2001), 122-131. (Pubitemid 32903117)
17. Schneier, B. Secrets and Lies: Digital Security in a Networked World, Wiley, Indianapolis, IN, USA (2000).
18. Schneier, B. Write Down Your Password (2005). http://www.schneier.com/ blog/archives/2005/06/write- down-your.html.
19. Scientific Software Development, 2006, 'ATLAS.ti The Knowledge Workbench'.
20. Singh, S., Cabraal, A., Demosthenous, C., Astbrink, G., and Furlong, M. Password Sharing: Implications for Security Design Based on Social Practice. In Proc. CHI 2007, ACM Press (2007), 895-904.
21. Trust Economics. http://www.trust-economics.org/.
22. Yan, J., Blackwell, A., Anderson, R., and Grant, A. Password Memorability and Security: Empirical Results. IEEE Security & Privacy 2, 5 (September/October 2004), 25-31.
23. Zviran, M. and Haga, W. J. Password Security: An Empirical Study. Journal of Management Information Systems 15, 4 (Spring 1999), 161-185.