
Making Passwords Secure and Usable

  • Conference paper
People and Computers XII

Abstract

To date, system research has focused on designing security mechanisms to protect systems access although their usability has rarely been investigated. This paper reports a study in which users’ perceptions of password mechanisms were investigated through questionnaires and interviews. Analysis of the questionnaires shows that many users report problems, linked to the number of passwords and frequency of password use. In-depth analysis of the interview data revealed that the degree to which users conform to security mechanisms depends on their perception of security levels, information sensitivity and compatibility with work practices. Security mechanisms incompatible with these perceptions may be circumvented by users and thereby undermine system security overall.




Copyright information

© 1997 Springer-Verlag London

About this paper

Cite this paper

Adams, A., Sasse, M.A., Lunt, P. (1997). Making Passwords Secure and Usable. In: Thimbleby, H., O’Conaill, B., Thomas, P.J. (eds) People and Computers XII. Springer, London. https://doi.org/10.1007/978-1-4471-3601-9_1


  • DOI: https://doi.org/10.1007/978-1-4471-3601-9_1

  • Publisher Name: Springer, London

  • Print ISBN: 978-3-540-76172-3

  • Online ISBN: 978-1-4471-3601-9

  • eBook Packages: Springer Book Archive
