Password Logbooks and What Their Amazon Reviews Reveal About Their Users’ Motivations, Beliefs, and Behaviors

The existence of and market for notebooks designed for users to write down passwords illuminates a sharp contrast: what is often prescribed as proper password behavior—e.g., never write down passwords—differs from what many users actually do. These password logbooks and their reviews provide many unique and surprising insights into their users’ beliefs, motivations, and behaviors. We examine the password logbooks and analyze their reviews using grounded theory to better understand how these users think and behave with respect to password authentication. Several themes emerge, including previous password management strategies, gifting, organizational strategies, password sharing, and dubious security advice. Some users argue these books enhance security.
