Affiliation:
1. University of Canberra, Australia
2. Griffith University, Australia
Abstract
Maintaining the security of information systems and associated data resources is vital if an organization is to minimize losses. Access controls are the first line of defense in this process. The primary function of authentication controls is to ensure that only authorized users have access to information systems and electronic resources. Password-based systems remain the predominant means of user authentication despite viable authentication alternatives. Research suggests that password-based systems are often compromised by poor user security practices. This chapter presents the results of a survey of 884 computer users that examines user practice in creating and reusing password keys, and reports the findings on user password composition and security practices for email accounts. Despite a greater awareness of security issues, the results show that many users still select and reuse weak password keys that are based on dictionary words and other meaningful information.