Use this URL to cite or link to this record in EThOS:
Title: Improving password system effectiveness
Author: Brostoff, Alexander
ISNI:       0000 0001 3482 580X
Awarding Body: University of London
Current Institution: University College London (University of London)
Date of Award: 2005
Availability of Full Text:
Access through EThOS:
Full text unavailable from EThOS. Please try the link below.
Access through Institution:
As computers reach more aspects of our everyday life, so too do the passwords that keep them secure. Coping with these passwords can be a problem for many individuals and organisations who have to deal with the consequences of passwords being forgotten, yet little is known of this issue. This thesis considers the effectiveness of password authentication systems for three groups of stakeholders including users, support staff, and system owners. The initial problem of how to create memorable but secure passwords is reconceptualised as how to improve password system effectiveness. Interview, questionnaire, and system log studies in BT, and experiments at UCL-CS confirm some basic hypotheses about key variables impacting performance, and show that other variables than the memorability of password content are also important which have hitherto not figured in security research and practice. Interventions based on these findings are proposed. Empirical evaluation suggests that the interventions proposed that 'redesign' the user but exclude other parts of the system would fail. Reason's (1990) Generic Error Modelling System (GEMS) is used as a basis for modelling password system performance at the level of individual users. GEMS and the Basic Elements of Production are used generalise these findings, and for the first time to model information security. This new model, "Elevation", is validated by expert review, and a modified version is presented.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available