Security policies are required that protect information from unauthorised access, and also respect challenges users face in creating, and particularly managing, increasing numbers of passwords. This paper investigates real password use in the context of daily life. It presents the results of an empirical study where participants completed a password diary over 7 days, followed by debrief interviews to gain further knowledge and understanding of user behaviour. The results reported relate to how many passwords are in use, the types of passwords participants created, the relationships between different passwords and to sensitive services, how participants retrieved their passwords and finally, the different strategies adopted by users in their management of passwords. The paper concludes by providing a high level set of password guidelines, along with suggestions for mechanisms to support creating, encoding, retrieving and executing multiple passwords.
Bibliographical noteThis is a pre-copyedited, author-produced version of an article accepted for publication in Interacting with Computers, following peer review. The version of record Grawemeyer, B & Johnson, H 2011, 'Using and managing multiple passwords: A week to a view', Interacting with Computers, vol. 23, no. 3, pp. 256-267] is available online at: https://academic.oup.com/iwc/article/23/3/256/693351
Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders
- Password management
- User authentication
ASJC Scopus subject areas
- Human-Computer Interaction