Passwords: Do User Preferences and Website Protocols Differ From Theory?
Roberta Ann Barra, University of Hawai’i at Hilo - Hilo HI USA, Roberta.firstname.lastname@example.org Alexander McLeod, University of Nevada - Reno, Nevada USA, email@example.com Arline Savage, California Polytechnic State University - San Luis Obispo CA USA, firstname.lastname@example.org Mark G. Simkin, University of Nevada - Reno, Nevada USA, email@example.com
Despite the availability of superior authentication tools, password security continues to be an important access control in modern, computer-based systems. Are strong passwords used in these systems? Under what conditions are users willing to adopt stronger passwords? To answer these questions, the authors examined the websites of 154 organizations and additionally, analyzed 240 responses from a separate survey of password users. In terms of password length and duration, the answer to our first question was “No, strong passwords are not used.” The answer to our second question regarding willingness to adopt stronger passwords appears to depend upon how often users must change them.