Attitudes and Behavior Towards Password Use on the World Wide Web
Date: October 11 2000
Publication: Survey Project Requirement for IS 271, University of California Berkeley
Source 1: http://courses.ischool.berkeley.edu/i271a/f00/Passwords/index.html
Source 2: http://www.sims.berkeley.edu/~sinha/teaching/Infosys271_2000/Passwords/index.html
Abstract or Summary:
There is a usability and security problem caused by an increase in the number of web sites that require password-based logins. Web sites for e-commerce, e-mail, financial services, and even news require users to log in. There is a great deal of variability in sites that require logins. The type of data that these sites protect with passwords ranges from highly sensitive (in the case of financial information) to relatively insensitive (in the case of news services, for instance). The frequency of use varies greatly as well. Many web sites are accessed daily (web-based e-mail, for instance) while others are accessed infrequently.
All of these factors contribute to a password management problem. As a result, users must devise mechanisms to make it easy to remember passwords, such as basing the password of personal information, reusing passwords, or writing passwords down. However, these mechanisms are often at odds with good security guidelines. As additional services are layered onto the web, we believe that this password management problem will only worsen.
We conducted a survey of 125 people to test our hypotheses. The survey results support the broad hypothesis that people deviate from secure password practices. However, they deviated in many ways, with few discernable trends among the various demographic groups.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.