Abstract
Passwords are the most commonly used authentication system primarily because they are free, not because they are superior to other authentication processes. However, when properly managed through the adoption of good password management practices, passwords are capable of guaranteeing the security of our online accounts and of information stored in electronic gadgets such as computers. The human factor has been blamed for compromising efforts to enhance computer security, particularly because of general password mismanagement. While past research has recommended good password management systems, the reason for continued password mismanagement despite knowledge of good password management practices has not yet been sought. Therefore, this research seeks to explore this problem with the aim of understanding why people mismanage passwords. The results of the research will help in establishing or recommending the use of strategies that ensure good password management practices.
Introduction
Before a user is allowed access to an electronic system or to information stored in an electronic system, it is common practice for the system to verify, through an authentication process, that the right person is requesting access. Passwords are the most commonly used form of authentication today (Stamp 4). Their prominence is due to the fact that they are free, but this does not imply that passwords are the most secure form of authentication (Stamp 4). In fact, passwords are often mishandled, thereby compromising the security of protected electronic systems, especially considering that hackers are always coming up with better ways of cracking passwords and accessing protected electronic systems and information (Klein 1-3).
Literature Review
There are hundreds of books, papers and articles outlining the principles of a strong password as an effective computing security system. Some resources have gone further to recommend good password policies that, if followed by every computer and internet user, should keep all password crackers at bay (Klein 2-5; Graves 3; Cole 340). Available literature shows that people know the importance of a good password and what makes a good password (Campbell, Ma and Kleeman 340; Tam, Glassman and Vandenwauver 234). However, people do not believe they can be targets of online fraud and therefore do not bother to set strong passwords (Powell). Accordingly, it is interesting that although people understand what a strong password is and how to set one up, this knowledge does not necessarily translate into good password management.
It is therefore not surprising that many people, including IT professionals, take cyber crime lightly, considering the way they mismanage passwords. For instance, Powell found that several users, including IT professionals and company executives, mismanage their passwords because they are highly optimistic about internet security. Millman also found that almost half of the IT professionals who participated in the study wrote down passwords to their important accounts, electronic documents and files. In another study, Tari, Ozok and Holden (2) found that a majority of Automatic Teller Machine (ATM) cardholders do not change their default passwords because they believe they cannot be victims of cyber crime.
Research Problem
In the overall computing system, the human link has been considered the weakest factor in computer security owing to mismanagement and mishandling of computing security (Tam, Glassman and Vandenwauver 234). It is no wonder that hackers are finding it extremely easy to crack computer security systems and access other people’s accounts for various malicious activities, such as transferring money to their own accounts and sending falsified messages to friends, co-workers, employers, employees and relatives. Why is this the case? Is it that people do not know the importance of passwords, that people do not know how to set strong passwords, or that people do not care? These three crucial questions require clear understanding.
Research Questions
This research seeks to answer the following research questions:
- Are people aware of the costs of a poor password management system?
- Do people know the value of a good password management system?
- Do people know that they can be victims of cyber crime?
- Do users know what makes a good password management system?
- What motivates people to adopt good password management systems?
Purpose and Relevance
Poor password management is making several people vulnerable to cyber crime and therefore fueling cyber crime. In the effort to enhance security of electronic gadget users, there is a need to understand why the human factor is the weak link in computing security. This way, it will be possible to establish or recommend the use of strategies that enhance good password management. Such strategies could include, for example, mandatory change of default passwords, mandatory change of password after a given number of days and use of restricted password composition among others.
Conclusion
Passwords are the most common authentication system used in modern-day electronic gadgets. However, users, including IT professionals, are mismanaging passwords, thereby compromising the security of their online accounts and of information stored on various electronic gadgets. Since they are aware of what constitutes good password management practices, understanding why they are not putting this knowledge into practice will aid in establishing the necessary interventions to enhance computer security.
Works Cited
Campbell, John, Ma, Wanli & Kleeman, Dale. Impact of Restrictive Composition Policy on User Password Choices. Behavior & Information Technology, 30.3 (2011).
Cole, Eric. Hackers Beware: Defending your Network from the Wily Hacker. New Riders Publishing, 2001.
Graves, Russell E. High Performance Passwords Cracking by Implementing Rainbow Tables on nVidia Graphics Cards (IseCrack). Iowa State University, 2008.
Klein, Ken S. Healthy Passwords: Learn to Make Strong Passwords you can Remember. Ligonier, PA: Sustainable Alternatives, LLC.
Millman, Rene. Four in Ten Security Staffers Write Down Passwords. SC Magazine, 2006.
Powell, James. How Security Breaches Impact your Brand. Enterprise Systems, 2006.
Stamp, Mark. Information Security: Principles and Practice. Hoboken, NJ: John Wiley & Sons, Inc., 2006.
Tam, L., Glassman, M. & Vandenwauver, M. The Psychology of Password Management: A Tradeoff Between Security and Convenience. Behavior & Information Technology, 29.3 (2010).
Tari, Furkan, Ozok, Ant A. & Holden, Stephen H. A Comparison of Perceived and Real Shoulder-Surfing Risks between Alphanumeric and Graphical Passwords. 2006. Web. Jan 24, 2014.