Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

A Cognitive-Behavioral Framework of User Password Management Lifecycle



Yee-Yin Choong


Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password, using the password to authenticate, then to the end of the lifespan of the password when it needs to be changed. We develop a cognitive-behavioral framework depicting the cognitive activities that users per-form within each stage, and how the stages interact with the human information processor, i.e. memory and attention resources. Individual factors are also rep-resented in the framework such as attitudes, motivations, and emotions that can affect users’ behaviors during the password management lifecycle. The paper discusses cognitive and behavioral activities throughout the lifecycle as well as the associated economics. We show the importance of a holistic approach in understanding users’ password behaviors and the framework provides guidance on future research directions.
Proceedings Title
Proceedings of the 16th International Conference on Human-Computer Interaction
Conference Dates
June 23-27, 2014
Conference Location
Heraklion, Crete, -1
Conference Title
The 16th International Conference on Human-Computer Interaction


password, password management lifecycle, cyber security, password policy, usability, cognitive-behavioral framework, economics of passwords
Created June 22, 2014, Updated February 19, 2017