Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Cognitive-Behavioral Framework of User Password Management Lifecycle

Published

Author(s)

Yee-Yin Choong

Abstract

Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password, using the password to authenticate, then to the end of the lifespan of the password when it needs to be changed. We develop a cognitive-behavioral framework depicting the cognitive activities that users per-form within each stage, and how the stages interact with the human information processor, i.e. memory and attention resources. Individual factors are also rep-resented in the framework such as attitudes, motivations, and emotions that can affect users’ behaviors during the password management lifecycle. The paper discusses cognitive and behavioral activities throughout the lifecycle as well as the associated economics. We show the importance of a holistic approach in understanding users’ password behaviors and the framework provides guidance on future research directions.
Proceedings Title
Proceedings of the 16th International Conference on Human-Computer Interaction
Conference Dates
June 23-27, 2014
Conference Location
Heraklion, Crete
Conference Title
The 16th International Conference on Human-Computer Interaction

Keywords

password, password management lifecycle, cyber security, password policy, usability, cognitive-behavioral framework, economics of passwords

Citation

Choong, Y. (2014), A Cognitive-Behavioral Framework of User Password Management Lifecycle, Proceedings of the 16th International Conference on Human-Computer Interaction, Heraklion, Crete, -1 (Accessed May 18, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 22, 2014, Updated February 19, 2017