Using and managing multiple passwords: A week to a view

Beate Grawemeyer, Hilary Johnson

Research output: Contribution to journal › Article

56 Citations (Scopus)
1 Downloads (Pure)

Abstract

Security policies are required that protect information from unauthorised access, and also respect challenges users face in creating, and particularly managing, increasing numbers of passwords. This paper investigates real password use in the context of daily life. It presents the results of an empirical study where participants completed a password diary over 7 days, followed by debrief interviews to gain further knowledge and understanding of user behaviour. The results reported relate to how many passwords are in use, the types of passwords participants created, the relationships between different passwords and to sensitive services, how participants retrieved their passwords and finally, the different strategies adopted by users in their management of passwords. The paper concludes by providing a high level set of password guidelines, along with suggestions for mechanisms to support creating, encoding, retrieving and executing multiple passwords.

Original language: English
Pages (from-to): 256-267
Number of pages: 12
Journal: Interacting with Computers
Volume: 23
Issue number: 3
Early online date: 13 Apr 2011
Publication status: Published - 1 May 2011
Externally published: Yes

Bibliographical note

This is a pre-copyedited, author-produced version of an article accepted for publication in Interacting with Computers, following peer review. The version of record [Grawemeyer, B & Johnson, H 2011, 'Using and managing multiple passwords: A week to a view', Interacting with Computers, vol. 23, no. 3, pp. 256-267] is available online at: https://academic.oup.com/iwc/article/23/3/256/693351

Copyright © and Moral Rights are retained by the author(s) and/or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.

Keywords

  • Password management
  • Security
  • User authentication

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
