Investigating User Behaviours Toward Password Management

Abstract

Due to the sensitivity and importance of passwords used at work, we aim to examine how users behave toward managing their workplace passwords. We conducted a survey on two samples of users: random participants recruited from Prolific and employees of the University of York. The research objectives include investigating different workplace password behaviours, such as reusing, recalling, and expiration. In addition, users' perceptions of some password management practices such as the importance of changing them periodically. Our findings suggest that password strength might not be impacted by enforced expiration policies, either positively or negatively. We also found that nearly half of respondents believed that complying with the password requirement was the most significant consideration when creating their passwords. Moreover, our results indicated that the cyber security training provided by their work was beneficial to them.