What 4,500+ people can tell you Employees' Attitudes toward Organizational Password Policy Do Matter
Yee-Yin Choong, Mary F. Theofanos
Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organizations information systems. This paper focuses on employees attitudes towards organizational password policies and examines the impacts on their work-related password activities that have security implications. We conducted a large-scale survey (4,573 respondents) to investigate the relationships between the organizational password policies and employees password behaviors. The key finding of this study is that employees attitudes toward the rationale be-hind cybersecurity policies are statistically significant with their password be-haviors and experiences. Positive attitudes are related to more secure behaviors such as choosing stronger passwords and writing down passwords less often, less frustration with authentication procedures, and better understanding and re-specting the significance to protect passwords and system security. We propose future research to promote positive employees attitudes toward organizational security policy that could facilitate the balance between security and usability.
Human Aspects of Information Security, Privacy, and Trust.
August 2-7, 2015
Los Angeles, CA
3rd International Conference on Human Aspects of Information Security, Privacy and Trust
and Theofanos, M.
What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter, Human Aspects of Information Security, Privacy, and Trust., Los Angeles, CA
(Accessed May 30, 2023)