International Journal of Information Security and Privacy

Abstract: The security of computer systems that store our data is a major issue facing the world. This research project investigated the roles of ease of use, facilitating conditions, intention to use passwords securely, experience and age on usage of passwords, using a model based on the Unified Theory of Acceptance and Use of Technology. Data was collected via an online survey of computer users, and analyzed using PLS. The results show there is a significant relationship between ease of use of passwords, intention to use them securely and the secure usage of passwords. Despite expectations, facilitating conditions only had a weak impact on intention to use passwords securely and did not influence actual secure usage. Computing experience was found to have an effect on intention to use passwords securely, but age did not. The results of this research lend themselves to assisting in policy design and better understanding user behavior.

Keywords: Ease of Use; Facilitating Conditions; Passwords; Unified Theory of Acceptance
