ABSTRACT
Users of password-protected systems have to be persuaded to follow certain regulations to keep systems secure. This paper describes the results of a first study of the mental models, metaphors, attitudes and skills users hold with respect to password mechanisms. It shows that users are currently not motivated to adopt proper password practices. They do not believe that they ultimately can stop somebody from getting into the system, or that somebody getting in could cause them any serious personal harm. We recommend a novel approach to the design of training and online support, which is based on an appropriate use of fear appeals.
Index Terms
- Persuasive password security