UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Assessing the User Experience of Password Reset Policies in a University

Parkin, S; Driss, S; Krol, K; Sasse, MA; (2016) Assessing the User Experience of Password Reset Policies in a University. In: Technology and Practice of Passwords. PASSWORDS 2015. (pp. pp. 21-38). Springer: Cham. Green open access

[img]
Preview
Text
passwords_2015_final.pdf

Download (301kB) | Preview

Abstract

Organisations may secure system access through use of passwords that comply with defined complexity rules. It may be required that passwords be changed regularly, using an in-person or online helpdesk. Helpdesk logs record password change events and support requests, but overlook the impact of compliance upon end-user productivity. System managers are not incentivised to investigate these impacts, so productivity costs remain with the end-user. We investigate how helpdesk log data can be analysed and augmented to expose the personal costs. Here we describe exploratory analysis of a university’s helpdesk log data, spanning 30 months and 500,000 system events for approximately 10,000 staff and 20,000-plus students. End-user costs were identified, where follow-on interviews and NASA-RTLX assessments with 20 students informed issues which log data did not adequately describe. The majority of users reset passwords before expiration (75% of log events). Log analysis indicated that the online self-service system was vastly preferred to the helpdesk, but that there was a 4:1 ratio of failed to successful attempts to recover account access. Log data did not describe the effort in managing passwords, where interviews exposed points of frustration. Participants saw the need for security but voiced a lack of understanding of the numerous restrictions on passwords. Frustrations led to adoption of diverse coping strategies. We propose ways to improve support, including real-time communication of reasons for failed password creation attempts, and measurement of timing for both successful and failed login attempts.

Type: Proceedings paper
Title: Assessing the User Experience of Password Reset Policies in a University
Event: The 9th International Conference on Passwords
Location: Cambridge University, UK
Dates: 07 December 2015 - 09 December 2015
ISBN-13: 978-3-319-29937-2
Open access status: An open access version is available from UCL Discovery
DOI: 10.1007/978-3-319-29938-9_2
Publisher version: https://doi.org/10.1007/978-3-319-29938-9_2
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/1473628
Downloads since deposit
516Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item