Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter

Published

Author(s)

Yee-Yin Choong, Mary F. Theofanos

Abstract

Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organization’s information systems. This paper focuses on employees’ attitudes towards organizational password policies and examines the impacts on their work-related password activities that have security implications. We conducted a large-scale survey (4,573 respondents) to investigate the relationships between the organizational password policies and employees’ password behaviors. The key finding of this study is that employees’ attitudes toward the rationale be-hind cybersecurity policies are statistically significant with their password be-haviors and experiences. Positive attitudes are related to more secure behaviors such as choosing stronger passwords and writing down passwords less often, less frustration with authentication procedures, and better understanding and re-specting the significance to protect passwords and system security. We propose future research to promote positive employees’ attitudes toward organizational security policy that could facilitate the balance between security and usability.
Proceedings Title
Human Aspects of Information Security, Privacy, and Trust.
Conference Dates
August 2-7, 2015
Conference Location
Los Angeles, CA
Conference Title
3rd International Conference on Human Aspects of Information Security, Privacy and Trust

Keywords

password behavior, organizational password policy, cybersecurity, perception, attitudes, usability

Citation

Choong, Y. and Theofanos, M. (2015), What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter, Human Aspects of Information Security, Privacy, and Trust., Los Angeles, CA (Accessed December 3, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 2, 2015, Updated February 19, 2017