Abstract
To inform the design of security policy, task models of password behaviour were constructed for different user groups - Computer Scientists, Administrative Staff and Students. These models identified internal and external constraints on user behaviour and the goals for password use within each group. Data were drawn from interviews and diaries of password use. Analyses indicated password security positively correlated with the sensitivity of the task, differences in frequency of password use were related to password security and patterns of password reuse were related to knowledge of security. Modelling revealed Computer Scientists viewed information security as part of their tasks and passwords provided a way of completing their work. By contrast, Admin and Student groups viewed passwords as a cost incurred when accessing the primary task. Differences between the models were related to differences in password security and used to suggest six recommendations for security officers to consider when setting password policy.
| Original language | English |
|---|---|
| Pages (from-to) | 415-431 |
| Number of pages | 17 |
| Journal | International Journal of Human Computer Studies |
| Volume | 70 |
| Issue number | 6 |
| Early online date | 3 Mar 2012 |
| DOIs | |
| Publication status | Published - 1 Jun 2012 |
| Externally published | Yes |
Keywords
- Password
- Rationality
- Security
- Task modelling
ASJC Scopus subject areas
- Software
- Human Factors and Ergonomics
- Education
- Engineering(all)
- Human-Computer Interaction
- Hardware and Architecture