Cultural and Gender Differences in Password Behaviors: Evidence from China, Turkey and the UK

A survey investigated the password behaviors of a sample of 202 men and women from three countries with very different cultures: China, Turkey and the UK. The survey covered four areas: the context of password use, password creation, password management and attitudes to passwords. A complex pattern of country and gender differences emerged, with most country differences in the context of password use and password creation behaviors, and gender differences in context of password use, password creation and management behaviors. There was little support for three hypotheses concerning cultural differences in password behaviors derived from the dimensions of Power Distance, Individualism-Collectivism, and Uncertainty Avoidance. However, the results suggest that both cultural background and gender need to be taken into account when studying users' password behaviors.

[1]  Joseph Kaye Self-reported password sharing strategies , 2011, CHI.

[2]  Moshe Zviran,et al.  Password Security: An Empirical Study , 1999, J. Manag. Inf. Syst..

[3]  Bradley L. Kirkman,et al.  A quarter century of Culture's Consequences: a review of empirical research incorporating Hofstede's cultural values framework , 2006 .

[4]  Gunela Astbrink,et al.  Password sharing: implications for security design based on social practice , 2007, CHI.

[5]  Joshua Cook,et al.  Improving password security and memorability to protect personal and organizational information , 2007, Int. J. Hum. Comput. Stud..

[6]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[7]  Peter Hoonakker,et al.  Password Authentication from a Human Factors Perspective: Results of a Survey among End-Users , 2009 .

[8]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[9]  Moshe Zviran,et al.  A Comparison of Password Techniques for Multilevel Authentication Mechanisms , 1990, Comput. J..

[10]  Bruce L. Riddle,et al.  Passwords in use in a university timesharing environment , 1989, Comput. Secur..

[11]  Hilary Johnson,et al.  Using and managing multiple passwords: A week to a view , 2011, Interact. Comput..

[12]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[13]  Konstantin Beznosov,et al.  Does my password go up to eleven?: the impact of password meters on password selection , 2013, CHI.

[14]  D. Tingley,et al.  “Who are these people?” Evaluating the demographic characteristics and political preferences of MTurk survey respondents , 2015 .

[15]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[16]  Blase Ur,et al.  Measuring password guessability for an entire university , 2013, CCS.

[17]  M. Angela Sasse,et al.  The true cost of unusable password policies: password use in the wild , 2010, CHI.

[18]  Lujo Bauer,et al.  Encountering stronger password requirements: user attitudes and behaviors , 2010, SOUPS.

[19]  Gert Jan Hofstede,et al.  Exploring Culture: Exercises, Stories and Synthetic Cultures , 2002 .

[20]  G. Hofstede,et al.  Culture′s Consequences: International Differences in Work-Related Values , 1980 .

[21]  Clark D. Thomborson,et al.  Passwords and Perceptions , 2009, AISC.

[22]  Cormac Herley,et al.  A large-scale study of web password habits , 2007, WWW '07.

[23]  Artemios G. Voyiatzis,et al.  An Empirical Study on the Web Password Strength in Greece , 2011, 2011 15th Panhellenic Conference on Informatics.

[24]  Gavriel Salvendy,et al.  Improving computer security for authentication of users: Influence of proactive password restrictions , 2002, Behavior research methods, instruments, & computers : a journal of the Psychonomic Society, Inc.

[25]  Xin Luo,et al.  Improving multiple-password recall: an empirical study , 2009, Eur. J. Inf. Syst..

[26]  Blase Ur,et al.  How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation , 2012, USENIX Security Symposium.

[27]  Lujo Bauer,et al.  Of passwords and people: measuring the effect of password-composition policies , 2011, CHI.

[28]  Alan S. Brown,et al.  Generating and remembering passwords , 2004 .

[29]  Sonia Chiasson,et al.  Writing down your password: Does it help? , 2013, 2013 Eleventh Annual Conference on Privacy, Security and Trust.

[30]  J. Yan,et al.  Password memorability and security: empirical results , 2004, IEEE Security & Privacy Magazine.

[31]  John Campbell,et al.  User Behaviours Associated with Password Security and Management , 2006, Australas. J. Inf. Syst..

[32]  Paul C. van Oorschot,et al.  Passwords: If We're So Smart, Why Are We Still Using Them? , 2009, Financial Cryptography.

[33]  Eric Chan-Tin,et al.  Why we hate IT: two surveys on pre-generated and expiring passwords in an academic setting , 2015, Secur. Commun. Networks.

[34]  L. Tam,et al.  The psychology of password management: a tradeoff between security and convenience , 2010, Behav. Inf. Technol..

[35]  Daniel Klein,et al.  Foiling the cracker: A survey of, and improvements to, password security , 1992 .

[36]  Hongwei Wang,et al.  A Large-scale Survey on Password Habits of Internet Users in China , 2013 .

[37]  Edward W. Felten,et al.  Password management strategies for online accounts , 2006, SOUPS '06.

[38]  Sydney Gregory,et al.  Culture's consequences: international differences in work-related values , 1982 .

[39]  Kat Krol,et al.  The Great Authentication Fatigue - And How to Overcome It , 2014, HCI.

[40]  Moshe Zviran,et al.  Cognitive passwords: The key to easy access control , 1990, Comput. Secur..