Content area
Full text
ABSTRACT
Why don't individuals follow the best information security practices? We address an aspect of this question by focusing on one of the most common authentication methods - passwords. To promote better password habits, security experts consistently recommend the use of password managers as a best practice, but recent research shows their usage rate is low. Therefore, understanding the factors that influence the use of a password manager is important. We contribute to this cause by drawing on information security and technology adoption literature. Survey results from 120 participants with varying numbers of internet accounts yield some counterintuitive findings. As proposed, perceived severity and perceived vulnerability of password loss strongly influenced intent to use password managers. However, perceived ease of use diminished the intent to use password managers, and trust is only partially supported. Our results indicate that 'security' aspects of password managers are more important than 'usability' aspects. The implications of these findings for password management are discussed.
Keywords: Security, Passwords, Password managers, Perceived severity, Perceived vulnerability
INTRODUCTION
Individuals often ignore the best information security practices. Why? For example, individuals often create 'weak' passwords. Although passwords are used to protect and restrict access to sensitive information, a recent survey of American users has found that users share, reuse, and use weak passwords (Pew Research Center, 2017). The password authentication method is easy-to-use; however, users are bad at managing passwords. Users create passwords that are easy to guess. An examination of 32 million users' password data suggests that 5,000 passwords accounted for 20% of user accounts (Vance, 2010). Users typically used simple passwords like '123456' or 'abc123'.
Given the stronghold of passwords as an authentication method (Herley & Oorschot, 2012), researchers have studied users' password behaviors. Research and anecdotal evidence suggest that users have lousy password habits such as reusing and writing down passwords (Komanduri et al., 2011; Wash, Rader, Berman, & Wellmer, 2016; Yan, Han, Li, Zhou, & Deng, 2015). Besides, users overestimate the security of their passwords and do not have a good understanding of password strength (Ur et al., 2016). It is also easy to trick users to divulge their passwords for simple rewards (Happ, Melzer, & Steffgen, 2016).
Given these issues with passwords, researchers have suggested options to improve on...