Abstract
Organizations and, to larger extent governments, have in recent years become more reliant than ever on the consistent operation of their information systems (ISs), which have become critical to their success and efficacy. Even though the growing dependence on ISs has created a pressing need for gathering information and easing its accessibility, security vulnerabilities in the systems have unfortunately spawned opportunities for hackers to compromise the system’s integrity and validity. This has put information systems confidentiality at high risk. As this paper shows, user authentication mechanisms, particularly passwords, determine confidentiality, which is an essential aspect of IS security. Passwords have been and are still a common method of securing ISs. A problem arises when users need to memorize and manage passwords that meet requirements, namely that users are more likely to use a single password across multiple accounts. User selection of passwords for use in ISs creates an impasse for the user. Furthermore, the systems progressive reliance on passwords for user authentication points to the necessity of investigating password creation policies in organizations. In spite of organizations recommendations on password choice to users, the majority do not choose to protect their passwords or even require choosing strong passwords in effect making hackers work easier. This study uses a survey questionnaire to evaluate user-generated password characteristics and present findings that prove user negligence with regards to password choice. Additionally, a literature review on password vulnerabilities in organizations is presented.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Perlroth, N., Krauss, C.: A cyber attack in Saudi Arabia failed to cause carnage, but the next could be deadly. The Independent, 21 Mar 2018 [Online]. Available: https://www.independent.co.uk/news/long_reads/cyber-warfare-saudi-arabia-petrochemical-security-america-a8258636.html. [Accessed 26 Aug 2018]
Symantec Corporation: Internet Security Threat Report (ISTR) 2018 — Symantec, Symantec, Mar 2018 [Online]. Available: https://www.symantec.com/security-center/threat-report. [Accessed 28 Aug 2018]
A. U. is an analyst for government et al.: Saudi Arabia’s new cyber security authority faces an uphill battle — GRI, Global Risk Insights, 27 Nov 2017 [Online]. Available: https://globalriskinsights.com/2017/11/saudi-arabia-cyber-security-authority-challenges/. [Accessed 26 Aug 2018]
Zviran, M., Haga, W.J.: Password security: an empirical study. J. Manag. Inf. Syst. 15(4), 161–185 (1999)
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004)
Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999)
Martinson, K.W.: Passwords: a survey on usage and policy. Technical report, AIR Force INST of Tech Wright-Patterson AFB OH School of Engineering and Management (2005)
Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th International Conference on World Wide Web, Banff, pp. 657–666. ACM (2007)
Gaw, S., Felten, E.W.: Password management strategies for online accounts. In: Proceedings of the Second Symposium on Usable Privacy and Security, Pittsburgh, pp. 44–55. ACM (2006)
Hoonakker, P., Bornoe, N., Carayon, P.: Password authentication from a human factors perspective: results of a survey among end-users. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 53, pp. 459–463. SAGE Publications, Sage/Los Angeles (2009)
Duggan, G.B., Johnson, H., Grawemeyer, B.: Rational security: modelling everyday password use. Int. J. Hum-Comput. Stud. 70(6), 415–431 (2012)
Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘weakest link’—a human/computer interaction approach to usable and effective security. BT Technol. J. 19(3), 122–131 (2001)
Herley, C., Van Oorschot, P.: A research agenda acknowledging the persistence of passwords. IEEE Secur. Priv. 10(1), 28–36 (2012)
Gulenko, I.: Improving passwords: influence of emotions on security behaviour. Inf. Manag. Comput. Secur. 22(2), 167–178 (2014)
Charoen, D., Raman, M., Olfman, L.: Improving end user behaviour in password utilization: an action research initiative. Syst. Pract. Action Res. 21(1), 55–72 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Almehmadi, T., Alsolami, F. (2019). Password Security in Organizations: User Attitudes and Behaviors Regarding Password Strength. In: Latifi, S. (eds) 16th International Conference on Information Technology-New Generations (ITNG 2019). Advances in Intelligent Systems and Computing, vol 800. Springer, Cham. https://doi.org/10.1007/978-3-030-14070-0_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-14070-0_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-14069-4
Online ISBN: 978-3-030-14070-0
eBook Packages: EngineeringEngineering (R0)