Relationships between Password Choices, Perceptions of Risk and Security Expertise

  • Sadie Creese
  • Duncan Hodges
  • Sue Jamison-Powell
  • Monica Whitty
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8030)

Abstract

‘Despite technological advances, humans remain the weakest link in Internet security’ [1]. This weakness is typically characterised in one of two domains. First, systems may not enable humans to interface securely, or the security mechanisms themselves are unusable or difficult to use effectively. Second, there may be something fundamental about the behaviour of some people which leads them to become vulnerable.

This paper examines the links between perceptions of risk associated with online tasks and password choice. We also explore the degrees to which the said perceptions of risk differ according to whether the password user is a security expert or not, and whether they have experienced some form of attack.

Keywords

Risk Assessment; Root Mean Square Error; Social Networking Site; Attack Scenario; Security Expert
These keywords were added by machine and not by the authors.

References

  1. Tam, L., Glassman, M., Vandenwauver, M.: The psychology of password management: a tradeoff between security and convenience. Behaviour & Information Technology 29(3), 233–244 (2010)
  2. Get Safe Online (2010), Use strong passwords, http://www.getsafeonline.org/nqcontent.cfm?a_id=1127
  3. Gehringer, E.F.: Choosing passwords: security and human factors. In: 2002 International Symposium on Technology and Society, pp. 369–373 (2002)
  4. Herley, C., van Oorschot, P.C., Patrick, A.S.: Passwords: If We're So Smart, Why Are We Still Using Them? In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 230–237. Springer, Heidelberg (2009)
  5. Brown, A.S., Bracken, E., Zoccoli, S., Douglas, K.: Generating and remembering passwords. Applied Cognitive Psychology 18(6), 641–651 (2004)
  6. National Institute of Standards and Technology, Guide for conducting risk assessments. NIST special publication, 800-30 (2012)
  7. Schneier, B.: Beyond Fear: Thinking sensibly about security in an uncertain world. Springer (2003)
  8. Siegel, C.A., Sagalow, T.R., Serritella, P.: Cyber-risk management: technical and insurance controls for enterprise-level security. Information Systems Security 11(4), 33–49 (2002)
  9. Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26(4), 401–406 (1980)
  10. Trend Micro, TrendLabs Annual Security Roundup, a look back at 2011: Information is currency (2012)
  11. Weinstein, N.D.: Unrealistic optimism about future life events. Journal of Personality and Social Psychology 39(5), 806 (1980)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Sadie Creese (1)
  • Duncan Hodges (1)
  • Sue Jamison-Powell (2)
  • Monica Whitty (2)

  1. Cyber Security Centre, Department of Computer Science, University of Oxford, UK
  2. Department of Media and Communications, University of Leicester, UK
