nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

What 4,500+ People Can Tell You – Employees’ Attitudes Toward Organizational Password Policy Do Matter

verfasst von : Yee-Yin Choong, Mary Theofanos

Erschienen in: Human Aspects of Information Security, Privacy, and Trust

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organization’s information systems. This paper focuses on employees’ attitudes towards organizational password policies and examines the impacts on their work-related password activities that have security implications. We conducted a large-scale survey (4,573 respondents) to investigate the relationships between the organizational password policies and employees’ password behaviors. The key finding of this study is that employees’ attitudes toward the rationale behind cybersecurity policies are statistically significant with their password behaviors and experiences. Positive attitudes are related to more secure behaviors such as choosing stronger passwords and writing down passwords less often, less frustration with authentication procedures, and better understanding and respecting the significance to protect passwords and system security. We propose future research to promote positive employees’ attitudes toward organizational security policy that could facilitate the balance between security and usability.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Exploring the Adoption of Physical Security Controls in Smartphones

Nächstes Kapitel An Investigation of the Factors that Predict an Internet User’s Perception of Anonymity on the Web

Nur mit Berechtigung zugänglich

Sasse, M.A., Brostoff, B., Weirich, D.: Transforming the ‘weakest link’ — a human/computer interaction approach to usable and effective security. BT Technol. J. 19(3), 122–131 (2001)CrossRef

Vu, K.P.L., Bhargav, A., Proctor, R.W.: Imposing password restrictions for multiple accounts: Impact on generation and recall of passwords. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting 47(11), 1331–1335 (2003)

Brown, A.S., Bracken, E., Zoccoli, S., Douglas, K.: Generating and remembering passwords. Appl. Cogn. Psychol. 18(6), 641–651 (2004)CrossRef

Vu, K.L., Proctor, R.W., Bhargav-Spantzel, A., Tai, B., Cook, J., Schultz, E.E.: Improving password security and memorability to protect personal and organizational information. Int. J. Hum Comput Stud. 65, 744–757 (2007)CrossRef

Florêncio, D., Herley, C.: A Large-Scale Study of Web Password Habits. In: Proceedings of the 16th International Conference on World Wide Web 2007, pp. 657–666 (2007)

Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: Proceedings of NDSS (2014)

Inglesant, P.G., Sasse, M.A.: The true cost of unusable password policies: password use in the wild. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 383–392. ACM (2010)

Grawemeyer, B., Johnson, H.: Using and managing multiple passwords: a week to a view. Interact. Comput. 23(3), 256–267 (2011)CrossRef

Kraus, S.J.: Attitudes and the prediction of behavior: a meta-analysis of the empirical literature. Pers. Soc. Psychol. Bull. 21(1), 58–75 (1995)MathSciNetCrossRef

10.

Avey, J.B., Wernsing, T.S., Luthans, F.: Can positive employees help positive organizational change? Impact of psychological capital and emotions on relevant attitudes and behaviors. J. Appl. Behav. Sci. 44(1), 48–70 (2008)CrossRef

11.

Choong, Y.-Y.: A cognitive-behavioral framework of user password management lifecycle. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 127–137. Springer, Heidelberg (2014)

12.

Ong, A.D., Weiss, D.J.: The impact of anonymity on responses to sensitive questions. J. Appl. Soc. Psychol. 30(8), 1691–1708 (2000)CrossRef

13.

Choong, Y.-Y., Theofanos, M., Liu, H.-K.: United States Federal Employees’ Password Management Behaviors – a Department of Commerce Case Study. NISTIR 7991, National Institute of Standards and Technology, Gaithersburg, US (2014)

14.

Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Commun. ACM 47(4), 75–78 (2004)CrossRef

15.

WEBROOT.com: New Webroot Survey Reveals Poor Password Practices that May Put Consumers’ Identities At Risk (2010). http://www.webroot.com/us/en/company/press-room/releases/protect-your-computer-from-hackers. Accessed on 20 Jan 2015

16.

National Strategy for Trusted Identities in Cyberspace. The White House, Washington, DC, US (2014). http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf. Accessed on 08 Jan 2015

Titel: What 4,500+ People Can Tell You – Employees’ Attitudes Toward Organizational Password Policy Do Matter
verfasst von: Yee-Yin Choong
Mary Theofanos
Verlag: Springer International Publishing
Buch: Human Aspects of Information Security, Privacy, and Trust
Print ISBN: 978-3-319-20375-1

Electronic ISBN: 978-3-319-20376-8

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-20376-8_27

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"