Personality, culture and password behavior: a relationship study

Culture - an aggregation of people's location, language, tribe and economic activities might have a role to play in the security decisions of users. Culture in this context is even more relevant in most African societies as there are many ethnic groups. Studies on users' password behavior have seen some advances, but little is known of the relationship between people's password behaviors, their personality and cultural backgrounds. In this paper, we report a study of the relationship between passwords and personality of the users. We also analyzed culture (via ethnic grouping) to determine its relationship with password strength. The results of the study of 230 participants indicate that although there exists a relationship between personality of users and their passwords behavior, it is quite weak and mainly negatively related except for participants high in agreeableness (cooperative) traits, hence might create stronger passwords. In addition, most participants (93%) created weak passwords, notwithstanding, participants who have defined themselves as belonging to Hausa tend to create better passwords than Nupe and Gbagyi ethnic group participants.

[1]  Elizabeth Stobert,et al.  The Password Life Cycle: User Behaviour in Managing Passwords , 2014, SOUPS.

[2]  A. Kroeber,et al.  Culture, a critical review of concepts and definitions , 1953 .

[3]  John Campbell,et al.  User Behaviours Associated with Password Security and Management , 2006, Australas. J. Inf. Syst..

[4]  Thomas Groß,et al.  Effect of Cognitive Effort on Password Choice , 2016, WAY@SOUPS.

[5]  Dieter Gollmann,et al.  Computer security , 2010, Worlwide series in computer cience.

[6]  Matt Bishop,et al.  What Is Computer Security? , 2003, IEEE Secur. Priv..

[7]  Gwenda R. Greene Assessing the Impact of Security Culture and the Employee-Organization Relationship on IS Security Compliance I , 2010 .

[8]  O. John,et al.  Measuring personality in one minute or less: A 10-item short version of the Big Five Inventory in English and German , 2007 .

[9]  Kiemute Oyibo,et al.  The Influence of Personality on Mobile Web Credibility , 2017, UMAP.

[10]  Robert Biddle,et al.  A Usability Study and Critique of Two Password Managers , 2006, USENIX Security Symposium.

[11]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[12]  Rita Orji,et al.  Persuasion and Culture: Individualism-Collectivism and Susceptibility to Influence Strategies , 2016, PPT@PERSUASIVE.

[13]  Cormac Herley,et al.  A large-scale study of web password habits , 2007, WWW '07.

[14]  Daniel Lowe Wheeler zxcvbn: Low-Budget Password Strength Estimation , 2016, USENIX Security Symposium.

[15]  Akira Yamada,et al.  Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior , 2017, CHI.

[16]  Elmarie Kritzinger,et al.  The influence of national culture on information security culture , 2016, 2016 IST-Africa Week Conference.

[17]  S. Srivastava,et al.  The Big Five Trait taxonomy: History, measurement, and theoretical perspectives. , 1999 .