{"title":"Assessing the Value of Formal Control Mechanisms on Strong Password Selection","authors":"J. Crawford","doi":"10.4018/jsse.2013070101","DOIUrl":null,"url":null,"abstract":"Applications often use behavior control mechanisms in order to ensure that individuals create sufficiently strong passwords. Behavior controls, which force individuals to utilize specific password characteristics, are assumed to be the best mechanism to encourage strong password creation. However, an over reliance on them could lead to counterproductive security behaviors. This study examines the efficacy of formal controls in the password creation process to determine if their use does indeed result in meaningfully stronger passwords than informal control techniques. Findings demonstrate that controls used during the password creation process do indeed shape password strength, but that behavior controls do not produce significantly stronger passwords than informal controls. Using an Agency Theory perspective, control techniques are considered in their ability to align principal-agent goal and risk perceptions. Findings illustrate the importance of using both informal and formal controls as a means of creating strong and effective passwords.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"151 1","pages":"1-17"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/jsse.2013070101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Applications often use behavior control mechanisms in order to ensure that individuals create sufficiently strong passwords. Behavior controls, which force individuals to utilize specific password characteristics, are assumed to be the best mechanism to encourage strong password creation. However, an over reliance on them could lead to counterproductive security behaviors. This study examines the efficacy of formal controls in the password creation process to determine if their use does indeed result in meaningfully stronger passwords than informal control techniques. Findings demonstrate that controls used during the password creation process do indeed shape password strength, but that behavior controls do not produce significantly stronger passwords than informal controls. Using an Agency Theory perspective, control techniques are considered in their ability to align principal-agent goal and risk perceptions. Findings illustrate the importance of using both informal and formal controls as a means of creating strong and effective passwords.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
