On Password Behaviours and Attitudes in Different Populations


We explore the differences in password behaviours and attitudes of samples of university students, IT professionals, and the general population (non-student and non-IT professional). Currently, text-based password authentication is the most commonly deployed user authentication mechanism, despite numerous alternatives. Passwords are thus a popular research topic, where many password studies are done in universities where the majority of participants are students. Many studies also do not differentiate between IT professionals and others. Thus, we aim to gain insights about the effect of focusing on samples from university students and/or IT professionals. We conducted a 100-participant online user study involving three sessions over days. The study tasks involved password creation and password recall. We also surveyed participant’s password-related behaviours and preferences for different authentication methods. Our results provide insights about the effect of using a large proportion of university students and/or IT professionals in password studies. Our findings should be of interest to the research community and also provide useful data to authentication system designers regarding user preferences and attitudes.

Journal of Information Security and Applications