Abstract

The username-password pair is still a prevalent form of online authentication. However, attacks that are leveraging weak password habits are on the rise. The main response of the security community on the ground is to invest more in educating users. Such an approach leads to believe that the long held assumption stating that an ignorant user is the cause of an inadequate password behavior, still has many opponents. Although different research studies have presented other more likely reasons, practices are still perpetuating the same solution mindset of increasing end users’ education. The behavior of users has not improved dramatically over the last decade despite all these efforts. Therefore, this research work explores the hypothesis that knowledge of good password habits is a necessary but not by itself a satisfactory requirement for a safe password behavior. This will be achieved by studying the password habits of the same people advocating for more end user education. To investigate this hypothesis, we conducted a survey targeting an audience of IT professionals with good knowledge about security. The survey results show that cognitive knowledge of password security does not always materialize into practical and secure password practices. The anticipated results would be that confronting IT professionals with their own password practices which fail to adhere to what they preach to end users, will motivate them to let go of their long held assumptions that more education is the solution. This will further support the points made by other studies explaining the rationale behind the inadequate password habits of end users.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.