The password practices applied by South African online consumers: Perception versus reality

Abstract

Background: The ability to identify and authenticate users is regarded as the foundation of computer security. Although new authentication technologies are evolving, passwords are the most common method used to control access in most computer systems. Research suggests that a large portion of computer security password breaches are the result of poor user security behaviour. The password creation and management practices that online consumers apply have a direct effect on the level of computer security and are often targeted in attacks. Objectives: The objective of this study was to investigate South African online consumers’ computer password security practices and to determine whether consumers’ perceptions regarding their password security ability is reflected in the password creation and management practices that they apply. Method: A Web-based survey was designed to (1) determine online consumers’ perceptions of their skills and competence in respect of computer password security and (2) determine the practices that South African online consumers apply when creating and managing passwords. The measures applied were then compared to (1) the users’ perceptions about their computer password security abilities and (2) the results of international studies to determine agreement and inconsistencies. Results: South African online consumers regard themselves as proficient password users. However, various instances of unsafe passwords practices were identified. The results of this South African study correspond with the results of various international studies confirming that challenges to ensure safe online transacting are in line with international challenges. Conclusion: There is a disparity between South African online consumers’ perceived ability regarding computer password security and the password creation and management practices that they apply.