Password policies vs. usability: when do users go "bananas"?
Conference Publication ResearchOnline@JCUAbstract
To grant password security, it is still a common practice to request users to comply with a number of rules that need to be met for the resulting password to be valid. Users have no option but to comply with the rules, but is there a specific point where the required rules start being perceived as a nuisance and thus jeopardize security? This paper addresses users’ reactions to such a scenario by means of an online survey (N=51) where users are being asked to create a password following an increasing number of restrictions. We thereby follow their evolving responses as each further criterion is added. Our analysis confirms that the increase in rule complexity has detrimental effects on usability and can lead to workarounds potentially compromising password security.
Journal
N/A
Publication Name
TrustCom 2020: IEEE 19th International Conference on Trust, Security and Privacy in Computing
Volume
N/A
ISBN/ISSN
978-0-7381-4380-4
Edition
N/A
Issue
N/A
Pages Count
6
Location
Guangzhou, China
Publisher
Institute of Electrical and Electronics Engineers
Publisher Url
N/A
Publisher Location
Piscataway, NJ, USA
Publish Date
N/A
Url
N/A
Date
N/A
EISSN
N/A
DOI
10.1109/TrustCom50675.2020.00032