Studying Password Use in the Wild: Practical Problems and Possible Solutions.
Presented at: Usable Security Experiment Reports (USER) Workshop, SOUPS 2010, Redmond, WA, USA.
HCI research into usability and security over 10 years has repeatedly found that users are unable to cope when faced with unusable password policies. Yet to show the full impact of these policies, it is necessary to consider the context of use within the organisation. Password requirements which users cannot meet have a cost in terms of impact on users’ primary task and, hence, loss of productivity. Conversely, organisational practices determine the numbers of passwords and the frequency of use. Retrospective accounts, questionnaires, and experimental methods fail to capture the full context of use. We present our experiences from the use of a study which was designed to overcome these shortcomings. We devised a structured diary study of password use followed by detailed debrief interviews. We found that this study effectively elicited participants’ main password uses and brought to light details of the context of use. However, the study did not capture accurate measures of workload or time taken in password use; these are better measured through other methods. Finally, our research leads us to conclude that there are further impacts of passwords in the workplace which can only be fully understood from richer ethnographic methods.
|Type:||Conference item (UNSPECIFIED)|
|Title:||Studying Password Use in the Wild: Practical Problems and Possible Solutions|
|Event:||Usable Security Experiment Reports (USER) Workshop, SOUPS 2010|
|Location:||Redmond, WA, USA|
|Dates:||14 July 2010 - 14 July 2010|
|UCL classification:||UCL > School of BEAMS > Faculty of Engineering Science
UCL > School of BEAMS > Faculty of Engineering Science > Computer Science
Archive Staff Only