Is Pavlovian Password Management the Answer?
Date: August 2014
Publication: Passwords14 Las Vegas
Source: Currently no known Internet copy of paper.
Abstract or Summary:
For end users we have been trying to get users to understand the importance of constructing good passwords. We provide guidance on what a good password is (even though the guidance that I have seen is still usually unacceptable in most places when compared to NIST guidelines). We spend a lot of time telling the user to "do this because security experts advise it, or it's part of our policy" but we don't really provide an incentive or an understanding of why we tell them to do this. Well, humans are programmable, and the best way to see the human brain is to look at it like a Bayesian network. It requires training for it to adapt to change, and repeated consistent data to be provided. Gmail and LinkedIn and the likes all offer 2-factor authentication but the percentage of adoption is low. One thing I've learned about humans is that in most cases, they will take the path of least resistance when it comes to change management, and only when applied pressure (road block is a nice way of putting it) or a reward is offered does this usually disrupt this path.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=ySgI5H0EIrw