Volume 9

V9 N2 Pages 4-13

June 2011

Are Password Management Applications Viable? An Analysis of User Training and Reactions

Mark D Ciampa
Western Kentucky University
Bowling Green, KY 42101, USA

Abstract: Passwords have the distinction of being the most widely-used form of authentication--as well as the most vulnerable. With the dramatic increase today in the number of accounts that require passwords, overwhelmed users often resort to creating weak passwords or reusing the same password for multiple accounts, making passwords the weakest link in the chain of security. It has been recognized that instead of solely relying on their memory for passwords, users can take advantage of technology. One such technology is a password management application, which enables a user to create and store multiple passwords in a strongly protected file and then retrieves them as needed, thus alleviating the requirement to memorize numerous passwords. However, few users have chosen to take advantage these applications. Is it because users have rejected them as poor solutions, or because they were unaware of these applications and their potential benefits? Would users be more favorable towards password management applications after they received training about these applications and used them? And what limitations of these applications could be addressed to create more widespread use? To date no studies have provided training to users regarding these applications prior to surveying their reactions to determine if indeed these applications are suitable for use by the average user. This paper describes a study regarding user’s training, use, and perceptions of a password management application.

Keywords: Information Security, passwords, passwords, KeePass

Download this article: ISEDJ - V9 N2 Page 4.pdf

Recommended Citation: Ciampa, M. D. (2011). Are Password Management Applications Viable? An Analysis of User Training and Reactions . Information Systems Education Journal, 9(2) pp 4-13. http://isedj.org/2011-9/ ISSN: 1545-679X. (A preliminary version appears in The Proceedings of ISECON 2010)