Publication Citation: United States Federal Employees' Password Management Behaviors - A Department of Commerce Case Study

Author(s): Yee-Yin Choong; Mary F. Theofanos; Hung-Kung Liu
Title: United States Federal Employees' Password Management Behaviors - A Department of Commerce Case Study
Published: April 08, 2014
Abstract: Passwords are the most prevalent method used by the public and private sectors for controlling user access to systems. Organizations establish security policies and password requirements on how users should generate and maintain their passwords, and use the passwords to authenticate and gain access to systems. This research investigated United States (US) government employees' password management behaviors, attitudes and experiences with the policies in order to develop effective password policies that include usability considerations. We designed a survey to investigate the relationships between the length, complexity, and change interval of passwords and password management behaviors and security behaviors on work-related accounts that require authentications. A total of 4,573 Department of Commerce employees completed the survey. The results show that employees are juggling multiple passwords at work and are overwhelmed by tasks required in the password management lifecycle. The research shows that employees' attitudes toward cybersecurity policies affect their behaviors and experiences. Positive attitudes about password requirements correlate with more secure behaviors such as choosing stronger passwords and writing down passwords less often. Positive attitudes are also tied to less frustration with authentication procedures, and better understanding and respecting the significance of the need to protect passwords and system security.
Citation: NIST Interagency/Internal Report (NISTIR) - 7991
Keywords: Password management behavior, computer security, user perception, user attitudes, usability
Research Areas: Cybersecurity
DOI: http://dx.doi.org/10.6028/NIST.IR.7991