What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter

Published: August 02, 2015


Yee-Yin Choong, Mary F. Theofanos


Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organization’s information systems. This paper focuses on employees’ attitudes towards organizational password policies and examines the impacts on their work-related password activities that have security implications. We conducted a large-scale survey (4,573 respondents) to investigate the relationships between the organizational password policies and employees’ password behaviors. The key finding of this study is that employees’ attitudes toward the rationale be-hind cybersecurity policies are statistically significant with their password be-haviors and experiences. Positive attitudes are related to more secure behaviors such as choosing stronger passwords and writing down passwords less often, less frustration with authentication procedures, and better understanding and re-specting the significance to protect passwords and system security. We propose future research to promote positive employees’ attitudes toward organizational security policy that could facilitate the balance between security and usability.
Proceedings Title: Human Aspects of Information Security, Privacy, and Trust.
Conference Dates: August 2-7, 2015
Conference Location: Los Angeles, CA
Conference Title: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust
Pub Type: Conferences


password behavior, organizational password policy, cybersecurity, perception, attitudes, usability
Created August 02, 2015, Updated February 19, 2017