Maintaining the security of information systems and associated data resources is vital if an organisation is to minimise losses. Access controls are the first line of defence in this process. The primary function of access controls is to restrict the use of information systems and resources to authorised users. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, evidence suggests that passwords as a means of authentication is often compromised by poor security practices. This paper presents the results of a survey that examines user practice in creating and using password keys and reports the findings on user password composition and security practices for e-mail accounts. Despite a greater awareness of security issues, the results show that an improvement in user password management practice is required.
|Title of host publication||Proceedings of the 16th Australasian Conference on Information Systems (ACIS 2005)|
|Editors||Bruce Campbell, Jim Underwood, Deborah Bunker|
|Place of Publication||Australia|
|Publisher||Association for Information Systems|
|Number of pages||8|
|Publication status||Published - 2005|
|Event||Australasian Conference on Information Systems (ACIS2005) - Sydney, Australia|
Duration: 29 Nov 2005 → 2 Dec 2005
|Conference||Australasian Conference on Information Systems (ACIS2005)|
|Period||29/11/05 → 2/12/05|
Bryant, K., & Campbell, J. (2005). An Empirical Study of User Practice in Password Security and Management. In B. Campbell, J. Underwood, & D. Bunker (Eds.), Proceedings of the 16th Australasian Conference on Information Systems (ACIS 2005) (pp. 1-8). Association for Information Systems.