Studying Password Use in the Wild: Practical Problems and Possible Solutions.
Proceedings of the Sixth Symposium on Usable Privacy and Security.
Sasse_Inglesant%2BSasse_Password use in the wild - SOUPS2010.pdf
Download (67kB) | Preview
HCI research into usability and security over 10 years has repeatedly found that users are unable to cope when faced with unusable password policies. Yet to show the full impact of these policies, it is necessary to consider the context of use within the organisation. Password requirements which users cannot meet have a cost in terms of impact on users’ primary task and, hence, loss of productivity. Conversely, organisational practices determine the numbers of passwords and the frequency of use. Retrospective accounts, questionnaires, and experimental methods fail to capture the full context of use. We present our experiences from the use of a study which was designed to overcome these shortcomings. We devised a structured diary study of password use followed by detailed debrief interviews. We found that this study effectively elicited participants’ main password uses and brought to light details of the context of use. However, the study did not capture accurate measures of workload or time taken in password use; these are better measured through other methods. Finally, our research leads us to conclude that there are further impacts of passwords in the workplace which can only be fully understood from richer ethnographic methods.
|Title:||Studying Password Use in the Wild: Practical Problems and Possible Solutions|
|Event:||Usable Security Experiment Reports (USER) Workshop, SOUPS 2010|
|Location:||Redmond, WA, USA|
|Dates:||14 July 2010 - 14 July 2010|
|Open access status:||An open access version is available from UCL Discovery|
|Keywords:||Diary studies; passwords; ethnographic studies; semi-structured interviews|
|UCL classification:||UCL > School of BEAMS
UCL > School of BEAMS > Faculty of Engineering Science
Archive Staff Only