A Cognitive-Behavioral Framework of User Password Management Lifecycle

Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password, using the password to authenticate, then to the end of the lifespan of the password when it needs to be changed. We develop a cognitive-behavioral framework depicting the cognitive activities that users perform within each stage, and how the stages interact with the human information processor, i.e. memory and attention resources. Individual factors are also represented in the framework such as attitudes, motivations, and emotions that can affect users’ behaviors during the password management lifecycle. The paper discusses cognitive and behavioral activities throughout the lifecycle as well as the associated economics. We show the importance of a holistic approach in understanding users’ password behaviors and the framework provides guidance on future research directions.