individual differences and perceived password security
play

Individual Differences and Perceived Password Security Management - PowerPoint PPT Presentation

Sep 23, 2023 •154 likes •319 views

Individual Differences and Perceived Password Security Management Lin Kyi, Sonia Chiasson, & Elizabeth Stobert Carleton University Ottawa, Canada WAY Workshop 2020 Introduction How password management is perceived can impact security

  1. Individual Differences and Perceived Password Security Management Lin Kyi, Sonia Chiasson, & Elizabeth Stobert Carleton University Ottawa, Canada WAY Workshop 2020

  2. Introduction ● How password management is perceived can impact security behaviours ● Perceived Password Security Management (PPSM): how users assess their own password management habits ● Do relationships exist between users’ individual traits and PPSM? ● We identified some relationships between individual traits and PPSM 2

  3. Background ● Personalizing Security: ○ Reduce mismatch between security education and user understanding by adapting education to user’s needs [1] ○ Users with more confidence in security abilities often behave more securely [2] ● Individual Differences: ○ Account for 5-23% of security behavioural intention variance [3] ○ Some personality traits make people more/less compliant and risk averse [4] 3

  4. Five Factor Model (FFM) ● FFM is the most broadly-used model of personality ○ Related to broader security behaviours [2] ● 5 personality factors: Openness High intellect, imaginative, open to new experiences Conscientiousness Reliable, organized, plans out their actions Extraversion Sociable, dominating, energetic, has a positive affect Agreeableness Altruistic, warm, kind, nurturing Neuroticism (the opposite is Negative affect, prone to quick mood changes, less “Emotional Stability”) emotionally stable 4

  5. Methodology ● We surveyed users on self-reported perceived password security management, and compared these results to their individual traits ○ Individual traits: age, gender, security knowledge, FFM personality scores ● 3-part survey: ○ Demographics: self-reported age, gender identity, self-reported computer security knowledge ○ Perceived Security Management: adapted from Stobert and Biddle’s Password Life Cycle survey [5] ○ International Personality Item Pool Sample 50 Item (IPIP-50) survey : commonly-used personality survey used to assess FFM scores 5

  6. Participants N = 102 ● ● Age: 81% under 40 years old Gender: 49% male, 51% female ● Security knowledge: most claimed to know a bit about security ● Personality mean scores (out of 50): ● ○ Openness: 36.8 Conscientiousness: 33.9 ○ Extroversion: 26.7 ○ ○ Agreeableness: 38.2 Neuroticism: 30.8 ○ Collinearity between certain FFM traits and demographics is normal [2] ● 6

  7. Analysis and Results: Exploratory Factor Analysis ● EFA conducted to identify which aspects of PPSM are related to each other F1: Difficulties with password management 3 items 21.55% variance F2: Self-evaluation of password management 2 items 10.73% F3: Security attention budgeting 3 items 9.75% F4: Perceived need for security 1 item 6.19% F5: Evaluation of vulnerability 1 item 4.94% 7

  8. Analysis and Results: Spearman Correlation (1/2) ● Correlated factors to individual traits (personality, age, gender, security knowledge) ● F1: Difficulties with password management ○ More self-reported security knowledge felt password management was less difficult ( rs (100) = -0.375, p < 0.001) ○ Those who are more Neurotic felt password management was more difficult ( rs (100) = 0.217, p = 0.029) ● F2: Self-evaluation of password management ○ More self-reported security knowledge ( rs (100) = 0.261, p = 0.008), more Conscientious ( rs (100) = 0.305, p = 0.002), and more Open ( rs (100) = 0.198, p = 0.049) more likely to agree they are doing a good job keeping accounts secure 8

  9. Analysis and Results: Spearman Correlation (2/2) ● F3: Security attention budgeting ○ Agreeable ( rs (100) = 0.278, p = 0.005), and Open ( rs (100) = 0.318, p = 0.001) individuals claim to budget their security attention more often ● F4: Perceived need for security ○ Conscientious individuals were more likely to believe there is a greater need for security ( rs (100) = -0.236, p = 0.017) ○ Neurotic individuals were less likely to believe security is needed ( rs (100) = 0.207, p = 0.030) ● F5: Evaluation of vulnerability ○ Younger individuals felt less at-risk for security attacks ( rs (100) = -0.215, p = 0.030) 9 ● No significant findings for gender and extraversion

  10. Results Summary ● Age, self-reported security knowledge, and some personality traits had stronger relationships to PPSM ○ Security knowledge: felt less burdened by password management, believed they were keeping accounts more secure ○ Younger individuals felt less threatened by attacks ○ Agreeable and conscientious individuals are more likely to follow and respect security rules ○ Extraversion, openness, and neuroticism findings are less clear 10

  11. Targeted Security Recommendations ● Advice on abstract ideas about good password management ○ Factor 1: Difficulties with password management ● Keep up to date with security recommendations ○ Factor 2: Self-evaluation of password management ● Guidance on how to assess the value of their accounts ○ Factor 3: Security attention budgeting ● Education focusing on understanding security threats ● Fear appeals to improve mental models and behaviours ○ Factor 4: Perceived Need for Security ○ Factor 5: Evaluation of vulnerability 11

  12. Discussion ● Relationships between PPSM and individual traits were less clear than expected ● Password Life Cycle questionnaire less-validated than FFM ○ Measuring password management perceptions is difficult ● Security may produce a floor effect ○ Password management is difficult for almost everyone 12

  13. Conclusion ● We identified relationships for age, some personality traits, and security knowledge in relation to PPSM ● Personality traits may not be a reliable indicator of success in password management ● Future work might look at password behaviours instead of perceptions ● This is a work in progress - let us know if you have suggestions! 13

  14. References 1. Farzaneh Asgharpour, Debin Liu, and L Jean Camp. Mental models of security risks. In International Conference on Financial Cryptography and Data Security , pages 367–377. Springer, 2007. 2. Margaret Gratian, Sruthi Bandi, Michel Cukier, Josiah Dykstra, and Amy Ginther. Correlating human traits and cyber security behavior intentions. Computers & Security, 73: 345–358, 2018. 3. Florence Mwagwabi, Tanya McGill, and Michael Dixon. Improving compliance with password guidelines: How user perceptions of passwords and security threats affect compliance with guidelines. In 2014 47th Hawaii International Conference on System Sciences , pages 3188– 3197, January 2014. 4. Serge Egelman and Eyal Peer. The myth of the average user: Improving privacy and security systems through individualization. In Proceedings of the 2015 New Security Paradigms Workshop , pages 16–28, 2015. 5. Elizabeth Stobert and Robert Biddle. The password life cycle. ACM Transactions on Privacy and Security (TOPS) , 21(3):13, 2018. 14

  15. Thanks for listening! Questions? Feel free to contact me at Lin.Kyi@carleton.ca 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

6. Individual Differences Differences: Big Questions Are some differences changeable and

6. Individual Differences Differences: Big Questions Are some differences changeable and

6. Individual Differences Differences: Big Questions Are some differences changeable and how much? What effect does community and environment play? What can teachers do to accommodate differences? 6.1 The Nature-Nurture

742 views • 52 slides
Personality and Individual Differences journal homepage: www.elsevier.com/locate/paid

Personality and Individual Differences journal homepage: www.elsevier.com/locate/paid

Personality and Individual Differences 54 (2013) 402407 Contents lists available at SciVerse ScienceDirect Personality and Individual Differences journal homepage: www.elsevier.com/locate/paid Self-presentation and belonging on Facebook: How

245 views • 6 slides
perceived vulnerability and perceived risk: Implications for health theory and interventions

perceived vulnerability and perceived risk: Implications for health theory and interventions

Differences between perceived vulnerability and perceived risk: Implications for health theory and interventions Jennifer J. Harman, PhD Colorado State University 2005-2010 Assistant Professor, Applied Social Psychology Colorado State

439 views • 32 slides
How to test them, &amp; how to test them well Individual Differences &amp; Item Effects

How to test them, &amp; how to test them well Individual Differences &amp; Item Effects

Individual Differences &amp; Item Effects: How to test them, &amp; how to test them well Individual Differences &amp; Item Effects Properties of subjects Properties of items Cognitive abilities (WM Lexical frequency task scores, inhibition)

664 views • 39 slides
Angular Embedding: from Jarring Intensity Differences to Perceived Luminance Stella X. Yu

Angular Embedding: from Jarring Intensity Differences to Perceived Luminance Stella X. Yu

Angular Embedding: from Jarring Intensity Differences to Perceived Luminance Stella X. Yu Computer Science Boston College Acknowledgements: Edward H. Adelson Clare Boothe Luce Professorship NSF CAREER IIS-0644204 IEEE Conference on Computer

373 views • 15 slides
Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Security Protocols Workshop Cambridge, UK

Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Security Protocols Workshop Cambridge, UK

S TATISTICAL METRICS FOR INDIVIDUAL PASSWORD STRENGTH Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Security Protocols Workshop Cambridge, UK April 12, 2012 Joseph Bonneau (University of Cambridge) Individual password strength

361 views • 21 slides
The perceived impact of external evaluation: the organisation vs the individual Riin Seema, Maiki

The perceived impact of external evaluation: the organisation vs the individual Riin Seema, Maiki

The perceived impact of external evaluation: the organisation vs the individual Riin Seema, Maiki Udam, Heli Mattisen, Liia Lauri Outline The Estonian context Aims of the study Method Results Conclusion 2 The Estonian agency

482 views • 21 slides
Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides
Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M. Martin Aaron G. Cass March 3, 2018 Introduction 01 Human Computer Interface Security (HCIsec) 02 Password Problem 03 Graphical User

633 views • 31 slides
2/3/20 Based on an outline by Simine Vazire, PhD, 2014 A. Personality: Individual differences in

2/3/20 Based on an outline by Simine Vazire, PhD, 2014 A. Personality: Individual differences in

2/3/20 Based on an outline by Simine Vazire, PhD, 2014 A. Personality: Individual differences in characteristic patterns of thinking, feeling, and behaving 1. Thinking : Personality includes differences between people in how they typically

763 views • 35 slides
Exploring differences in financial literacy across countries: the role of individual

Exploring differences in financial literacy across countries: the role of individual

Exploring differences in financial literacy across countries: the role of individual characteristics, experience, and institutions Andrej Cup ak Pirmin Fessler Maria Silgoner Elisabeth Ulbrich National Bank of Oesterreichische

526 views • 24 slides
Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

1 Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with the issues that affect usability and interaction for different individual and groups of people Know the basic tools for designing interactive

525 views • 26 slides
Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research Zurich based on joint work with Jan Camenisch, Anna Lysyanskaya &amp; Gregory Neven ROADMAP Password-Based Authentication How to make password

1.43k views • 43 slides
Individual Differences: The Structure and Measure of Cognitive Abilities III: Creativity Dr.

Individual Differences: The Structure and Measure of Cognitive Abilities III: Creativity Dr.

Individual Differences: The Structure and Measure of Cognitive Abilities III: Creativity Dr. Simon Sherwood covering for Dr. David Luke Aims of the lecture 1. The Concept of Creativity what is it? 2. Approaches to the study of creativity

586 views • 46 slides
On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis Defense, Bochum, Germany, May 29, 2019 User Authentication Competing requirements of security and usability . [1] Common Factors: Knowledge ( Password ,

619 views • 34 slides
You still use the password after all Exploring FIDO2 Security Keys in a Small Company

You still use the password after all Exploring FIDO2 Security Keys in a Small Company

You still use the password after all Exploring FIDO2 Security Keys in a Small Company Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Drmuth Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)

571 views • 11 slides
Neuroticism a competitive advantage (also) for IVAs? Christoph Hermann 1 , Helmuth Melcher 1 ,

Neuroticism a competitive advantage (also) for IVAs? Christoph Hermann 1 , Helmuth Melcher 1 ,

Neuroticism a competitive advantage (also) for IVAs? Christoph Hermann 1 , Helmuth Melcher 1 , Stefan Rank 1 Robert Trappl 1,2 Robert.Trappl@ofai.at 2 Institute for Medical Cybernetics &amp; AI 1 Austrian Research Institute Center for Brain

255 views • 12 slides
Uploader distribution 5 26 Nov 2012 TRECVID Workshop Information gain by uploader

Uploader distribution 5 26 Nov 2012 TRECVID Workshop Information gain by uploader

Improving the TRECVID SIN runs with the uploader model Bernard Merialdo, Usman Niaz EURECOM, France TRECVID Workshop, 26 Nov 2012 Who is einfeldt@gmail.com ? Uploaded the video e-dv251_salk_2a_thomas_bartol_001 (also TRECVID2010_1053)

322 views • 10 slides
Your success during the school year will be determined by what you do on the first days of

Your success during the school year will be determined by what you do on the first days of

&quot;Your First Class: How to Make it First Class&quot; Billy Strean, Ph.D. 3M National Teaching Fellow Faculty of Kinesiology, Sport , &amp; Recreation August 22, 2019 Your success during the school year will be determined by what you do

483 views • 22 slides
Using Clouds to address Grid Limitations Giacomo Mc Evoy 1 Bruno Schulze 1 1 National Laboratory

Using Clouds to address Grid Limitations Giacomo Mc Evoy 1 Bruno Schulze 1 1 National Laboratory

Introduction Theoretical approach to Clouds Application of Clouds Summary Thanks Using Clouds to address Grid Limitations Giacomo Mc Evoy 1 Bruno Schulze 1 1 National Laboratory for Scientific Computing (LNCC) 6th International Workshop on

320 views • 19 slides
Fabio Celli fabio.celli@unitn.it Unsupervised Personality Recognition from Text: Possible

Fabio Celli fabio.celli@unitn.it Unsupervised Personality Recognition from Text: Possible

Fabio Celli fabio.celli@unitn.it Unsupervised Personality Recognition from Text: Possible Applications Sep 16, 2014 Fabio Celli fabio.celli@unitn.it Unsupervised Personality Recognition from Text: Possible Applications -what is personality?

803 views • 57 slides
PLANNING FOR AGILITY A PARADOX? Ren Rohrbeck, Professor of Strategy DEPARTMENT OF

PLANNING FOR AGILITY A PARADOX? Ren Rohrbeck, Professor of Strategy DEPARTMENT OF

PLANNING FOR AGILITY A PARADOX? Ren Rohrbeck, Professor of Strategy DEPARTMENT OF MANAGEMENT REN ROHRBECK AARHUS UNIVERSITY JUNE 2018 PROFESSOR OF STRATEGY Prof. Dr. Rene Rohrbeck Professor of Strategy Aarhus BSS, Aarhus University

285 views • 11 slides
A Fundamental Sign: Exodus &amp; the Passover Ritual The Telling Producing Cultural Memory

A Fundamental Sign: Exodus &amp; the Passover Ritual The Telling Producing Cultural Memory

10/18/17 Class 4c/5a A Fundamental Sign: Exodus &amp; the Passover Ritual The Telling Producing Cultural Memory Artists tap popular cultural memory by Localizing the story Identifying the characters Characterizing their motives

429 views • 6 slides
Encouraging Innovation David Mayle Head of the Centre for Innovation, Knowledge, and Enterprise

Encouraging Innovation David Mayle Head of the Centre for Innovation, Knowledge, and Enterprise

Encouraging Innovation David Mayle Head of the Centre for Innovation, Knowledge, and Enterprise d.t.mayle@open.ac.uk For every complex problem, there is a solution that is simple, neat, and wrong. H. L. Mencken 2 Definitions The United

670 views • 64 slides

More recommend