Published: August 02, 2015
Author(s)
Yee-Yin Choong (NIST), Mary Theofanos (NIST)
Conference
Name: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust
Dates: August 2-7, 2015
Location: Los Angeles, California, United States
Citation: Human Aspects of Information Security, Privacy, and Trust: Third International Conference, HAS 2015, Lecture Notes in Computer Science vol. 9190, pp. 299-310
Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organization’s information systems. This paper focuses on employees’ attitudes towards organizational password policies and examines the impacts on their work-related password activities that have security implications. We conducted a large-scale survey (4,573 respondents) to investigate the relationships between the organizational password policies and employees’ password behaviors. The key finding of this study is that employees’ attitudes toward the rationale behind cybersecurity policies have a statistically significant relationship with their password behaviors and experiences. Positive attitudes are related to more secure behaviors, such as choosing stronger passwords and writing down passwords less often, to less frustration with authentication procedures, and to better understanding of and respect for the significance of protecting passwords and system security. We propose future research to promote positive employee attitudes toward organizational security policy, which could facilitate the balance between security and usability.
Keywords
password behavior; organizational password policy; cybersecurity; perception; attitudes; usability
Control Families
None selected