An Empirical Study of User Practice in Password Security and Management

Kay Bryant, John Campbell

    Research output: A Conference proceeding or a Chapter in Book › Conference contribution

    1 Citation (Scopus)

    Abstract

    Maintaining the security of information systems and associated data resources is vital if an organisation is to minimise losses. Access controls are the first line of defence in this process. The primary function of access controls is to restrict the use of information systems and resources to authorised users. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, evidence suggests that passwords as a means of authentication are often compromised by poor security practices. This paper presents the results of a survey that examines user practice in creating and using password keys and reports the findings on user password composition and security practices for e-mail accounts. Despite a greater awareness of security issues, the results show that an improvement in user password management practice is required.
    Original language: English
    Title of host publication: Proceedings of the 16th Australasian Conference on Information Systems (ACIS 2005)
    Editors: Bruce Campbell, Jim Underwood, Deborah Bunker
    Place of Publication: Australia
    Publisher: Association for Information Systems
    Pages: 1-8
    Number of pages: 8
    ISBN (Print): 0-9758417-0-X
    Publication status: Published - 2005
    Event: Australasian Conference on Information Systems (ACIS2005) - Sydney, Australia
    Duration: 29 Nov 2005 - 2 Dec 2005

    Conference

    Conference: Australasian Conference on Information Systems (ACIS2005)
    Country: Australia
    City: Sydney
    Period: 29/11/05 - 2/12/05

    Fingerprint

    Access control
    Authentication
    Information systems
    Security of data
    Chemical analysis

    Cite this

    Bryant, K., & Campbell, J. (2005). An Empirical Study of User Practice in Password Security and Management. In B. Campbell, J. Underwood, & D. Bunker (Eds.), Proceedings of the 16th Australasian Conference on Information Systems (ACIS 2005) (pp. 1-8). Australia: Association for Information Systems.