User Resistance to Password Security Explored

Though most organizations have policies and guidelines to protect their information systems from unauthorized access, research has shown that employee compliance is often a problem.

“Even if the policies are mandatory, individual perceptions, interpretations, and behavior vary within the process of complying,” said France Belanger, Pamplin College of Business accounting and information systems professor at Virginia Tech.

Belanger and three Pamplin doctoral students completed a new study exploring the attitudes and “resistance behavior” of individuals faced with a required information technology security change. Previous studies, she said, largely focused on voluntary behavior.

Using Virginia Tech as a case study, Belanger and her team — Eric Negangard and Kathy Enget (accounting and information systems) and Stephane Collignon (business information technology) — surveyed undergraduate and graduate students, faculty members, staff, and administrators at Virginia Tech. The university required its information systems account holders to change their passwords by July 1, 2011, after evaluating password practices in the wake of recurring security problems. Accounts would not be accessible with old passwords after the deadline.

Managers who develop and implement information security procedures may find some useful lessons about change management in the study, Belanger said. It highlights the role of user awareness of the security change in influencing user attitudes toward the change and shows the relative importance of various organizational measures to publicize the change.

Featured

  • Until We Meet Again

    A short three years ago we were all pondering whether to attend any tradeshows all thanks to COVID-19. Sorry to bring that nightmare up again, but it seems that little pandemic is in the rear-view mirror, and it’s time to meet again. Read Now

    • ISC West
  • Cyber Hygiene: What it Looks Like for IoT Devices

    Cyber Hygiene: What it Looks Like for IoT Devices

    For our second pillar about the Industrial Internet of Things (IIoT) Pillars of Security, we are going to discuss what cyber hygiene looks like for IoT devices. Read Now

  • ISC West Announces 2023 Keynote Series Speaker Lineup

    The International Security Conference (ISC), in collaboration with premier sponsor Security Industry Association (SIA), announced five of this year’s ISC West Keynote Series speakers. ISC West will kick off its annual conference on March 28 (SIA Education@ISC: March 28-30 | Exhibit Hall: March 29-31) at the Venetian Expo in Las Vegas, Nevada. Read Now

    • ISC West
  • Accelerating Security Modernization

    In recent years, the term “digital transformation” has been one of the most frequently used buzzwords across industries. On its most basic level, it refers to the reimagining of how an organization leverages its technology systems to improve business processes. Read Now

Featured Cybersecurity

New Products

  • SAFR® from RealNetworks

    SAFR® from RealNetworks

    A unique feature in SAFR version 3.4 is its ability to automate alerts to security personnel when a spoofing attempt or a fraudulent attempt to gain access is detected. 3

  • VideoEdge 2U High Capacity Network Video Recorder

    VideoEdge 2U High Capacity Network Video Recorder

    Johnson Controls announces a powerful recording solution to meet demanding requirements with its VideoEdge 2U High Capacity Network Video Recorder. This solution combines the powerful capabilities of victor with the intelligence of VideoEdge NVRs, fueled by Tyco Artificial Intelligence, for video management that provides actionable insights to save time, money and lives. 3

  • ALTO Neoxx Electronic Padlock

    ALTO Neoxx Electronic Padlock

    Built to withstand all access control needs, the tough new SALTO Neoxx electronic padlock takes security beyond your expectations. 3