individual differences and perceived password security
play

Individual Differences and Perceived Password Security Management - PowerPoint PPT Presentation

Sep 23, 2023 •154 likes •319 views

Individual Differences and Perceived Password Security Management Lin Kyi, Sonia Chiasson, & Elizabeth Stobert Carleton University Ottawa, Canada WAY Workshop 2020 Introduction How password management is perceived can impact security

  1. Individual Differences and Perceived Password Security Management Lin Kyi, Sonia Chiasson, & Elizabeth Stobert Carleton University Ottawa, Canada WAY Workshop 2020

  2. Introduction ● How password management is perceived can impact security behaviours ● Perceived Password Security Management (PPSM): how users assess their own password management habits ● Do relationships exist between users’ individual traits and PPSM? ● We identified some relationships between individual traits and PPSM 2

  3. Background ● Personalizing Security: ○ Reduce mismatch between security education and user understanding by adapting education to user’s needs [1] ○ Users with more confidence in security abilities often behave more securely [2] ● Individual Differences: ○ Account for 5-23% of security behavioural intention variance [3] ○ Some personality traits make people more/less compliant and risk averse [4] 3

  4. Five Factor Model (FFM) ● FFM is the most broadly-used model of personality ○ Related to broader security behaviours [2] ● 5 personality factors: Openness High intellect, imaginative, open to new experiences Conscientiousness Reliable, organized, plans out their actions Extraversion Sociable, dominating, energetic, has a positive affect Agreeableness Altruistic, warm, kind, nurturing Neuroticism (the opposite is Negative affect, prone to quick mood changes, less “Emotional Stability”) emotionally stable 4

  5. Methodology ● We surveyed users on self-reported perceived password security management, and compared these results to their individual traits ○ Individual traits: age, gender, security knowledge, FFM personality scores ● 3-part survey: ○ Demographics: self-reported age, gender identity, self-reported computer security knowledge ○ Perceived Security Management: adapted from Stobert and Biddle’s Password Life Cycle survey [5] ○ International Personality Item Pool Sample 50 Item (IPIP-50) survey : commonly-used personality survey used to assess FFM scores 5

  6. Participants N = 102 ● ● Age: 81% under 40 years old Gender: 49% male, 51% female ● Security knowledge: most claimed to know a bit about security ● Personality mean scores (out of 50): ● ○ Openness: 36.8 Conscientiousness: 33.9 ○ Extroversion: 26.7 ○ ○ Agreeableness: 38.2 Neuroticism: 30.8 ○ Collinearity between certain FFM traits and demographics is normal [2] ● 6

  7. Analysis and Results: Exploratory Factor Analysis ● EFA conducted to identify which aspects of PPSM are related to each other F1: Difficulties with password management 3 items 21.55% variance F2: Self-evaluation of password management 2 items 10.73% F3: Security attention budgeting 3 items 9.75% F4: Perceived need for security 1 item 6.19% F5: Evaluation of vulnerability 1 item 4.94% 7

  8. Analysis and Results: Spearman Correlation (1/2) ● Correlated factors to individual traits (personality, age, gender, security knowledge) ● F1: Difficulties with password management ○ More self-reported security knowledge felt password management was less difficult ( rs (100) = -0.375, p < 0.001) ○ Those who are more Neurotic felt password management was more difficult ( rs (100) = 0.217, p = 0.029) ● F2: Self-evaluation of password management ○ More self-reported security knowledge ( rs (100) = 0.261, p = 0.008), more Conscientious ( rs (100) = 0.305, p = 0.002), and more Open ( rs (100) = 0.198, p = 0.049) more likely to agree they are doing a good job keeping accounts secure 8

  9. Analysis and Results: Spearman Correlation (2/2) ● F3: Security attention budgeting ○ Agreeable ( rs (100) = 0.278, p = 0.005), and Open ( rs (100) = 0.318, p = 0.001) individuals claim to budget their security attention more often ● F4: Perceived need for security ○ Conscientious individuals were more likely to believe there is a greater need for security ( rs (100) = -0.236, p = 0.017) ○ Neurotic individuals were less likely to believe security is needed ( rs (100) = 0.207, p = 0.030) ● F5: Evaluation of vulnerability ○ Younger individuals felt less at-risk for security attacks ( rs (100) = -0.215, p = 0.030) 9 ● No significant findings for gender and extraversion

  10. Results Summary ● Age, self-reported security knowledge, and some personality traits had stronger relationships to PPSM ○ Security knowledge: felt less burdened by password management, believed they were keeping accounts more secure ○ Younger individuals felt less threatened by attacks ○ Agreeable and conscientious individuals are more likely to follow and respect security rules ○ Extraversion, openness, and neuroticism findings are less clear 10

  11. Targeted Security Recommendations ● Advice on abstract ideas about good password management ○ Factor 1: Difficulties with password management ● Keep up to date with security recommendations ○ Factor 2: Self-evaluation of password management ● Guidance on how to assess the value of their accounts ○ Factor 3: Security attention budgeting ● Education focusing on understanding security threats ● Fear appeals to improve mental models and behaviours ○ Factor 4: Perceived Need for Security ○ Factor 5: Evaluation of vulnerability 11

  12. Discussion ● Relationships between PPSM and individual traits were less clear than expected ● Password Life Cycle questionnaire less-validated than FFM ○ Measuring password management perceptions is difficult ● Security may produce a floor effect ○ Password management is difficult for almost everyone 12

  13. Conclusion ● We identified relationships for age, some personality traits, and security knowledge in relation to PPSM ● Personality traits may not be a reliable indicator of success in password management ● Future work might look at password behaviours instead of perceptions ● This is a work in progress - let us know if you have suggestions! 13

  14. References 1. Farzaneh Asgharpour, Debin Liu, and L Jean Camp. Mental models of security risks. In International Conference on Financial Cryptography and Data Security , pages 367–377. Springer, 2007. 2. Margaret Gratian, Sruthi Bandi, Michel Cukier, Josiah Dykstra, and Amy Ginther. Correlating human traits and cyber security behavior intentions. Computers & Security, 73: 345–358, 2018. 3. Florence Mwagwabi, Tanya McGill, and Michael Dixon. Improving compliance with password guidelines: How user perceptions of passwords and security threats affect compliance with guidelines. In 2014 47th Hawaii International Conference on System Sciences , pages 3188– 3197, January 2014. 4. Serge Egelman and Eyal Peer. The myth of the average user: Improving privacy and security systems through individualization. In Proceedings of the 2015 New Security Paradigms Workshop , pages 16–28, 2015. 5. Elizabeth Stobert and Robert Biddle. The password life cycle. ACM Transactions on Privacy and Security (TOPS) , 21(3):13, 2018. 14

  15. Thanks for listening! Questions? Feel free to contact me at Lin.Kyi@carleton.ca 15

Recommend

6. Individual Differences Differences: Big Questions Are some differences changeable and

6. Individual Differences Differences: Big Questions Are some differences changeable and

6. Individual Differences Differences: Big Questions Are some differences changeable and how much? What effect does community and environment play? What can teachers do to accommodate differences? 6.1 The Nature-Nurture

742 views • 52 slides
Personality and Individual Differences journal homepage: www.elsevier.com/locate/paid

Personality and Individual Differences journal homepage: www.elsevier.com/locate/paid

Personality and Individual Differences 54 (2013) 402407 Contents lists available at SciVerse ScienceDirect Personality and Individual Differences journal homepage: www.elsevier.com/locate/paid Self-presentation and belonging on Facebook: How

245 views • 6 slides
perceived vulnerability and perceived risk: Implications for health theory and interventions

perceived vulnerability and perceived risk: Implications for health theory and interventions

Differences between perceived vulnerability and perceived risk: Implications for health theory and interventions Jennifer J. Harman, PhD Colorado State University 2005-2010 Assistant Professor, Applied Social Psychology Colorado State

439 views • 32 slides
How to test them, &amp; how to test them well Individual Differences &amp; Item Effects

How to test them, &amp; how to test them well Individual Differences &amp; Item Effects

Individual Differences &amp; Item Effects: How to test them, &amp; how to test them well Individual Differences &amp; Item Effects Properties of subjects Properties of items Cognitive abilities (WM Lexical frequency task scores, inhibition)

664 views • 39 slides
Angular Embedding: from Jarring Intensity Differences to Perceived Luminance Stella X. Yu

Angular Embedding: from Jarring Intensity Differences to Perceived Luminance Stella X. Yu

Angular Embedding: from Jarring Intensity Differences to Perceived Luminance Stella X. Yu Computer Science Boston College Acknowledgements: Edward H. Adelson Clare Boothe Luce Professorship NSF CAREER IIS-0644204 IEEE Conference on Computer

373 views • 15 slides
Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Security Protocols Workshop Cambridge, UK

Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Security Protocols Workshop Cambridge, UK

S TATISTICAL METRICS FOR INDIVIDUAL PASSWORD STRENGTH Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Security Protocols Workshop Cambridge, UK April 12, 2012 Joseph Bonneau (University of Cambridge) Individual password strength

361 views • 21 slides
The perceived impact of external evaluation: the organisation vs the individual Riin Seema, Maiki

The perceived impact of external evaluation: the organisation vs the individual Riin Seema, Maiki

The perceived impact of external evaluation: the organisation vs the individual Riin Seema, Maiki Udam, Heli Mattisen, Liia Lauri Outline The Estonian context Aims of the study Method Results Conclusion 2 The Estonian agency

482 views • 21 slides
Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides
Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M. Martin Aaron G. Cass March 3, 2018 Introduction 01 Human Computer Interface Security (HCIsec) 02 Password Problem 03 Graphical User

633 views • 31 slides
2/3/20 Based on an outline by Simine Vazire, PhD, 2014 A. Personality: Individual differences in

2/3/20 Based on an outline by Simine Vazire, PhD, 2014 A. Personality: Individual differences in

2/3/20 Based on an outline by Simine Vazire, PhD, 2014 A. Personality: Individual differences in characteristic patterns of thinking, feeling, and behaving 1. Thinking : Personality includes differences between people in how they typically

763 views • 35 slides
Exploring differences in financial literacy across countries: the role of individual

Exploring differences in financial literacy across countries: the role of individual

Exploring differences in financial literacy across countries: the role of individual characteristics, experience, and institutions Andrej Cup ak Pirmin Fessler Maria Silgoner Elisabeth Ulbrich National Bank of Oesterreichische

527 views • 24 slides
Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

1 Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with the issues that affect usability and interaction for different individual and groups of people Know the basic tools for designing interactive

525 views • 26 slides
Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research Zurich based on joint work with Jan Camenisch, Anna Lysyanskaya &amp; Gregory Neven ROADMAP Password-Based Authentication How to make password

1.43k views • 43 slides
Individual Differences: The Structure and Measure of Cognitive Abilities III: Creativity Dr.

Individual Differences: The Structure and Measure of Cognitive Abilities III: Creativity Dr.

Individual Differences: The Structure and Measure of Cognitive Abilities III: Creativity Dr. Simon Sherwood covering for Dr. David Luke Aims of the lecture 1. The Concept of Creativity what is it? 2. Approaches to the study of creativity

586 views • 46 slides
On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis Defense, Bochum, Germany, May 29, 2019 User Authentication Competing requirements of security and usability . [1] Common Factors: Knowledge ( Password ,

619 views • 34 slides
You still use the password after all Exploring FIDO2 Security Keys in a Small Company

You still use the password after all Exploring FIDO2 Security Keys in a Small Company

You still use the password after all Exploring FIDO2 Security Keys in a Small Company Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Drmuth Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)

571 views • 11 slides
Individual Differences in Adaptation to Work Dissatisfaction Joseph G. Rosse Stacy L. Saturay

Individual Differences in Adaptation to Work Dissatisfaction Joseph G. Rosse Stacy L. Saturay

Individual Differences in Adaptation to Work Dissatisfaction Joseph G. Rosse Stacy L. Saturay University of Colorado at Boulder Presented at the 2004 meeting of the Western Academy of Management, April 1- 4, Anchorage, Alaska Abstract This

792 views • 29 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength &amp; Cracking Roadmap Password Authentication How Passwords are

512 views • 32 slides
Individual differences in phoneme categorization Effie Kapnoula, Bob McMurray, Eunjong Kong,

Individual differences in phoneme categorization Effie Kapnoula, Bob McMurray, Eunjong Kong,

Individual differences in phoneme categorization Effie Kapnoula, Bob McMurray, Eunjong Kong, Matthew Winn, &amp; Jan Edwards 19th Mid-Continental Phonetics &amp; Phonology Conference The problem of lack of invariance There is no one-to-one

884 views • 53 slides
POLI 100M: Poli-cal Psychology Lecture 2: Individual Differences Taylor N. Carlson

POLI 100M: Poli-cal Psychology Lecture 2: Individual Differences Taylor N. Carlson

POLI 100M: Poli-cal Psychology Lecture 2: Individual Differences Taylor N. Carlson Beenstr@ucsd.edu Announcements Grade contracts due on Tuesday! Any ques-ons about this? Remember that you must complete 1 reading commentary per week,

774 views • 61 slides
Predictors of Individual Differences in Productive Vocabulary and Their Ability to Identify Late

Predictors of Individual Differences in Productive Vocabulary and Their Ability to Identify Late

Predictors of Individual Differences in Productive Vocabulary and Their Ability to Identify Late Talking Toddlers Lana Jago lsjago@liverpool.ac.uk Late Talkers Early delay in productive language (Rescorla 1989) Identified between 18-35 months

610 views • 16 slides
Understanding Individual Differences and Group Strengths Lindsey Balidoy UC Davis Student Bad

Understanding Individual Differences and Group Strengths Lindsey Balidoy UC Davis Student Bad

Understanding Individual Differences and Group Strengths Lindsey Balidoy UC Davis Student Bad River Ojibwe &amp; Tiwa Pueblo What is the Medicine Wheel? Many different meanings and interpretations depending on the tribe, well be looking

527 views • 13 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

927 views • 10 slides
Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools &amp; Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength &amp; Cracking Roadmap Password

750 views • 31 slides

More recommend