E-Book Overview
Most organisations try to protect their systems from unauthorised access, usually through passwords. Considerable resources are spent designing secure authentication mechanisms, but the number of security breaches and problems is still increasing (DeAlvare, 1990; Gordon, 1995; Hitchings, 1995). Unauthorised access to systems, and resulting theft of information or misuse of the system, is usually due to hackers "cracking" user passwords, or obtaining them through social engineering. System security, unlike other fields of system development, has to date been regarded as an entirely technical issue - little research has been done on usability or human factors related to use of security mechanisms. Hitchings (1995) concludes that this narrow perspective has produced security mechanisms which are much less effective than they are generally thought to be. Davis & Price (1987) point out that, since security is designed, implemented, used and breached by people, human factors should be considered in the design of security mechanisms. It seems that currently hackers pay more attention to human factors than security designers do. The technique of social engineering, for instance - obtaining passwords by deception and persuasion - exploits users' lack of security awareness. Hitchings (1995) also suggests that organisational factors ought to be considered when assessing security systems. The aim of the study described in this paper was to identify usability and organisational factors which affect the use of passwords. The following section provides a brief overview of authentication systems along with usability and organisational issues which have been identified to date.
E-Book Content
People and Computers XII
Springer-Verlag London Ltd.
H. Thimbleby, B. O'Conaill and P. J. Thomas (Eds)
People and Computers XII Proceedings of HCI'97
Harold Thimbleby, Middlesex University, Bounds Green Road, London N11 2NQ, UK
Brid O'Conaill, Hewlett-Packard Research Laboratories, Pilton Road, Stoke Gifford, Bristol, BS16 6QZ, UK
Peter J. Thomas, Centre for Personal Information Management, University of West of England, Coldharbour Lane, Bristol BS16 1QY, UK
ISBN 978-3-540-76172-3
British Library Cataloguing in Publication Data People and computers XII: proceedings of HCI '97 1. Human-computer interaction - Congresses I. Thimbleby, Harold II. O'Conaill, Brid III. Thomas, Peter J. IV. British Computer Society 004'.019 ISBN 978-1-4471-3601-9 (eBook) ISBN 978-3-540-76172-3 DOI 10.1007/978-1-4471-3601-9
Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the Library of Congress Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers. ©Springer-Verlag London 1997 Originally published by Springer-Verlag London Limited in 1997 The use of registered names, trademarks etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant laws and regulations and therefore free for general use. The publisher makes no representation, express or implied, with regard to the accuracy of the information contained in this book and cannot accept any legal responsibility or liability for any errors or omissions that may be made. Typesetting: Camera-ready by author 34/3830-543210 Printed on acid-free paper
Contents