An Empirical Study of User Practice in Password Security and Management

Kay Bryant, John Campbell

    Research output: A Conference proceeding or a Chapter in BookConference contributionpeer-review

    1 Citation (Scopus)


    Maintaining the security of information systems and associated data resources is vital if an organisation is to minimise losses. Access controls are the first line of defence in this process. The primary function of access controls is to restrict the use of information systems and resources to authorised users. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, evidence suggests that passwords as a means of authentication is often compromised by poor security practices. This paper presents the results of a survey that examines user practice in creating and using password keys and reports the findings on user password composition and security practices for e-mail accounts. Despite a greater awareness of security issues, the results show that an improvement in user password management practice is required.
    Original languageEnglish
    Title of host publicationProceedings of the 16th Australasian Conference on Information Systems (ACIS 2005)
    EditorsBruce Campbell, Jim Underwood, Deborah Bunker
    Place of PublicationAustralia
    PublisherAssociation for Information Systems
    Number of pages8
    ISBN (Print)0-9758417-0-X
    Publication statusPublished - 2005
    EventAustralasian Conference on Information Systems (ACIS2005) - Sydney, Australia
    Duration: 29 Nov 20052 Dec 2005


    ConferenceAustralasian Conference on Information Systems (ACIS2005)


    Dive into the research topics of 'An Empirical Study of User Practice in Password Security and Management'. Together they form a unique fingerprint.

    Cite this