Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter



Yee-Yin Choong, Mary F. Theofanos


Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organization’s information systems. This paper focuses on employees’ attitudes towards organizational password policies and examines the impacts on their work-related password activities that have security implications. We conducted a large-scale survey (4,573 respondents) to investigate the relationships between the organizational password policies and employees’ password behaviors. The key finding of this study is that employees’ attitudes toward the rationale be-hind cybersecurity policies are statistically significant with their password be-haviors and experiences. Positive attitudes are related to more secure behaviors such as choosing stronger passwords and writing down passwords less often, less frustration with authentication procedures, and better understanding and re-specting the significance to protect passwords and system security. We propose future research to promote positive employees’ attitudes toward organizational security policy that could facilitate the balance between security and usability.
Proceedings Title
Human Aspects of Information Security, Privacy, and Trust.
Conference Dates
August 2-7, 2015
Conference Location
Los Angeles, CA
Conference Title
3rd International Conference on Human Aspects of Information Security, Privacy and Trust


password behavior, organizational password policy, cybersecurity, perception, attitudes, usability


Choong, Y. and Theofanos, M. (2015), What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter, Human Aspects of Information Security, Privacy, and Trust., Los Angeles, CA (Accessed April 24, 2024)
Created August 2, 2015, Updated February 19, 2017