Pretty Good Persuasion: A First Step Towards Effective Password Security in the Real World
Date: September 2001
Publication: Proceedings of the New Security Paradigms Workshop 2001
Page(s): 137 - 143
Source 1: http://www.nspw.org/papers/2001/nspw2001-weirich.pdf
Source 2: http://hornbeam.cs.ucl.ac.uk/hcs/publications/Weirich+Sasse_Pretty%20Good%20Persuasion_New%20Security%20Paradigms%20Workshop2001.pdf
Source 3: http://dx.doi.org/10.1145/508171.508195 - Subscription or payment required
In the past, research on password mechanisms has focussed almost entirely on technical issues. Only in recent years has the security research community acknowledged that user behavior plays a part in many security faliures, and that policies alone may not be sufficient to ensure correct behavior. We argue that password mechanisms and their users form a socio-technical system, whose effectiveness relies strongly on users' willingness to make the extra effort that security-conscious behavior requires. In most organizations, users cannot be forced to comply, rather, they have to be persuaded to do so. Ultimately, the mechanisms themselves, policies, tutorials, training and the general discourse have to be designed with their persuasive power in mind. We present the results of a first study that can guide such persuasive efforts, and describe methods that can be used to persuade users to employ proper password practice.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.