Parkin, S; Driss, S; Krol, K; Sasse, MA; (2016) Assessing the User Experience of Password Reset Policies in a University. In: Technology and Practice of Passwords. PASSWORDS 2015. (pp. 21-38). Springer: Cham.
Abstract
Organisations may secure system access through use of passwords that comply with defined complexity rules. It may be required that passwords be changed regularly, using an in-person or online helpdesk. Helpdesk logs record password change events and support requests, but overlook the impact of compliance upon end-user productivity. System managers are not incentivised to investigate these impacts, so productivity costs remain with the end-user. We investigate how helpdesk log data can be analysed and augmented to expose the personal costs. Here we describe exploratory analysis of a university’s helpdesk log data, spanning 30 months and 500,000 system events for approximately 10,000 staff and 20,000-plus students. End-user costs were identified, where follow-on interviews and NASA-RTLX assessments with 20 students informed issues which log data did not adequately describe. The majority of users reset passwords before expiration (75% of log events). Log analysis indicated that the online self-service system was vastly preferred to the helpdesk, but that there was a 4:1 ratio of failed to successful attempts to recover account access. Log data did not describe the effort in managing passwords, where interviews exposed points of frustration. Participants saw the need for security but voiced a lack of understanding of the numerous restrictions on passwords. Frustrations led to adoption of diverse coping strategies. We propose ways to improve support, including real-time communication of reasons for failed password creation attempts, and measurement of timing for both successful and failed login attempts.
Type: | Proceedings paper |
---|---|
Title: | Assessing the User Experience of Password Reset Policies in a University |
Event: | The 9th International Conference on Passwords |
Location: | Cambridge University, UK |
Dates: | 07 December 2015 - 09 December 2015 |
ISBN-13: | 978-3-319-29937-2 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1007/978-3-319-29938-9_2 |
Publisher version: | https://doi.org/10.1007/978-3-319-29938-9_2 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/1473628 |