The Effect of Simulation in Large-Scale Data Collection—An Example of Password Policy Development

Computer networks across the world are increasingly vulnerable to hackers. Network administrators have countered this threat with stronger password policies. However, this has resulted in potential usability challenges for all users. Research has shown that users of these new security requirements would typically do the minimum possible to adhere to these policies. End users have become wary of the potential security risks posed by hackers. Privacy laws and the need to protect user data have further added to the difficulties that researchers must overcome in order to better understand user needs. As a result, large sets of data containing password patterns are very difficult to collect and analyse. In this article, we present a possible solution to this data collection challenge by using simulation. This offers us the ability to generate large amounts of user data that can be used to illustrate different trends of password use. Our simulations of a scenario in an academic setting consist of four types of users—undergraduate and graduate students, faculty and staff. By making conservative assumptions of user behaviours based on literature, our findings show that while users of different education and technical backgrounds face different levels of challenges in setting up passwords, nearly all users displayed similar characteristics when updating passwords. These findings from our simulation illustrate the ability to overcome data collection challenges in this field and could potentially allow us to design more inclusive password policies.