Running head : MODELLING PASSWORD USE Rational Security : Modelling Everyday Password Use
نویسندگان
چکیده
To inform the design of security policy, task models of password behaviour were constructed for different user groups – Computer Scientists, Administrative Staff and Students. These models identified internal and external constraints on user behaviour and the goals for password use within each group. Data were drawn from interviews and diaries of password use. Analyses indicated password security positively correlated with the sensitivity of the task, differences in frequency of password use were related to password security and patterns of password reuse were related to knowledge of security. Modelling revealed Computer Scientists viewed information security as part of their tasks and passwords provided a way of completing their work. By contrast, Admin and Student groups viewed passwords as a cost incurred when accessing the primary task. Differences between the models were related to differences in password security and used to suggest six recommendations for security officers to consider when setting password policy.
منابع مشابه
PASSWORD USE Rational Security : Modelling Everyday Password Use
To inform the design of security policy, task models of password behaviour were constructed for different user groups – Computer Scientists, Administrative Staff and Students. These models identified internal and external constraints on user behaviour and the goals for password use within each group. Data were drawn from interviews and diaries of password use. Analyses indicated password securi...
متن کاملSystematic Decision Making in Security Management Modelling Password Usage and Support
Systematic Decision Making in Security Management Modelling Password Usage and Support Simon Arnell, Adam Beautement, Philip Inglesant, Brian Monahan, David Pym, Angela Sasse
متن کاملNote on 'Design of improved password authentication and update scheme based on elliptic curve cryptography'
Secured password authentication and update of passwords are two essential requirements for remote login over unreliable networks. In this paper, an elliptic curve cryptography (ECC) based technique has been proposed that not only satisfies the above two requirements, but also provides additional security requirements that are not available in some schemes proposed so far. For instances, the Pey...
متن کاملComments on a password authentication and update scheme based on elliptic curve cryptography
School of Mathematics and Statistics, Wuhan University, Wuhan, People’s Republic of China Email: [email protected] Abstract: The security of a password authentication and update scheme based on elliptic curve cryptography proposed by Islam et al. [S.K. Hafizul Islam, G.P. Biswas, Design of improved password authentication and update scheme based on elliptic curve cryptography, Mathematical and C...
متن کاملModelling the Security of Recognition-Based Graphical Passwords
Recognition-based graphical passwords have received attention in recent research as an alternative authentication mechanism. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a pr...
متن کامل