论文信息 - Pretty good persuasion: a first step towards effective password security in the real world

Pretty good persuasion: a first step towards effective password security in the real world

In the past, research on password mechanisms has focussed almost entirely on technical issues. Only in recent years has the security research community acknowledged that user behavior plays a part in many security failures, and that policies alone may not be sufficient to ensure correct behavior. We argue that password mechanisms and their users form a socio-technical system, whose effectiveness relies strongly on users' willingness to make the extra effort that security-conscious behavior requires. In most organizations, users cannot be forced to comply; rather, they have to be persuaded to do so. Ultimately, the mechanisms themselves, policies, tutorials, training and the general discourse have to be designed with their persuasive power in mind. We present the results of a first study that can guide such persuasive efforts, and describe methods that can be used to persuade users to employ proper password practice.

M. Angela Sasse | Dirk Weirich

[1] Ian Wakeman,et al. Examining Users' Repertoire of Internet Applications , 1999, INTERACT.

[2] J. Potter,et al. Discourse and Social Psychology: Beyond Attitudes and Behaviour , 1987 .

[3] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[4] Mark S. Ackerman,et al. Usability and Security , 1999, NDSS.

[5] U. Holmström. User-centered design of secure software , 1999 .

[6] John J. McGonagle. Corporate espionage: What it is, why it's happening in your company, what you must do about it , 1997 .

[7] R. Rogers. Cognitive and physiological processes in fear appeals and attitude change: a revised theory of prote , 1983 .

[8] M. Angela Sasse,et al. Users are not the enemy , 1999, CACM.

[9] Sacha Brostoff,et al. Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[10] Mary Ellen Zurko,et al. User-centered security , 1996, NSPW '96.

[11] M. Angela Sasse,et al. Making Passwords Secure and Usable , 1997, BCS HCI.