White Rose University Consortium logo
University of Leeds logo University of Sheffield logo York University logo

Understanding and measuring password management behaviour

Merdenyan, Burak (2019) Understanding and measuring password management behaviour. PhD thesis, University of York.

This is the latest version of this item.

[img] Text
Merdenyan_201026437_CorrectedThesisClean.pdf - Examined Thesis (PDF)
Restricted Embargoed (until expiry date or permanently).


Recent research has shown that people continue to exhibit risky password behaviour despite public advice campaigns on secure password behaviour. However, little attention has been given to understand why people persist in risky password behaviour, and how people perceive the risks and the benefits when they undertake password related activities. In this programme of research, I conducted five studies to understand people’s risk perceptions on password related activities; both qualitative and quantitative methodologies were employed, particularly online surveys using the Mechanical Turk crowdsourcing service. To check whether respondents were susceptible to social desirability in their answers, they completed the short version of Marlowe-Crowne social desirability scale. I also gathered feedback from senior researchers working in the area of usable security, to assess whether the range of behaviours and domains represented a good coverage of the password management space. The research makes a number of contributions, including a greater understanding of people’s password management behaviour, including generational differences in these behaviours; people’s perceptions of the risks of a range of password management behaviours; and the relationships between the perceptions of risk, benefit, and the likelihood of engaging in different password management activities. The research also presents valuable information to help researchers and usable security practitioners understand how people’s perceptions affect their management of their passwords. Finally, this programme of research proposes an initial version of a scale for assessing the perception of the risks of different password management behaviour. Future work is required to appropriately validate the scale. It can then be used in further research to investigate people’s understanding of and attitudes towards risk in the area of password management.

Item Type: Thesis (PhD)
Keywords: password management, password behaviour, usable security, generational differences, risk perception, cybersecurity
Academic Units: The University of York > Computer Science (York)
Depositing User: Mr Burak Merdenyan
Date Deposited: 22 May 2020 15:58
Last Modified: 22 May 2020 15:58
URI: http://etheses.whiterose.ac.uk/id/eprint/26903

Available Versions of this Item

  • Understanding and measuring password management behaviour. (deposited 22 May 2020 15:58) [Currently Displayed]

You can contact us about this thesis. If you need to make a general enquiry, please see the Contact us page.

Actions (repository staff only: login required)