Users’ perceptions regarding password policies

Fredericks, Damian Todd

Title: Users’ perceptions regarding password policies
Creator: Fredericks, Damian Todd
Subject: Computers -- Access control
Subject: Computer networks -- Security measures Computer security
Date Issued: 2018
Date: 2018
Type: Thesis
Type: Masters
Type: MIT
Identifier: http://hdl.handle.net/10948/30205
Identifier: vital:30896
Description: Information is considered a valuable asset to most organisations and is often exposed to various threats which exploit its confidentiality, integrity and availability (CIA). Identification and Authentication are commonly used to help ensure the CIA of information. This research study specifically focused on password-based authentication. Passwords are used to log into personal computers, company computers, email accounts, bank accounts and various software systems and mobile applications. Passwords act like a protective barrier between a user and their personal and company information, and remain the most cost-effective and most efficient method to control access to computer systems. An extensive content analysis was conducted regarding the security of passwords, as well as users’ password management coping strategies. It was determined that very little research has been conducted in relation to users’ perceptions towards password policies. The problem identified by this research is that organisations often implement password policy guidelines without taking into consideration users’ perceptions regarding such guidelines. This could result in users adopting various password management coping strategies. This research therefore aimed to determine users’ perceptions with regard to current password-related standards and best practices (password policy guidelines). Standards and best practices such as ISO/IEC 27002 (2013), NIST SP 800-118 (2009), NIST SP 800-63-2 (2013), NIST SP 800-63B (2016) and the SANS Password Protection Policy (2014b) were studied in order to determine the common elements of password policies. This research argued that before organisations implement password policy guidelines, they need to determine users’ perceptions towards such guidelines. It was identified that certain human factors such as human memory, attitude and apathy often cause users to adopt insecure coping strategies such as Reusing Passwords, Writing Down Passwords and Not Changing Passwords. This research included a survey which took the form of a questionnaire. The aim of the survey was to determine users’ perceptions towards common elements of password policies and to determine the coping strategies users commonly adopt. The survey included questions related to the new NIST SP 800-63B (2016) that sought to determine users’ perceptions towards these new NIST password policy iii guidelines. Findings from the survey indicated that respondents found the new NIST guidelines to be helpful, secure and easier to adhere to. Finally, recommendations regarding password policies were presented based on the common elements of password policies and users’ perceptions of the new NIST password guidelines. These recommendations could help policy makers in the implementation of new password policies or the revision of current password policies.
Format: xi, 163 leaves
Format: pdf
Publisher: Nelson Mandela University
Publisher: Faculty of Engineering, the Built Environment and Information Technology
Language: English
Rights: Nelson Mandela University

Hits: 1044
Visitors: 1134
Downloads: 184

Collections

NMU School of Information and Communication Technology

		Thumbnail	File	Description	Size	Format
View Details Download			SOURCE1	Damian Fredericks Final Copy Dissertation.pdf	2 MB	Adobe Acrobat PDF	View Details Download