Empirical results of an experimental study on the role of password strength and cognitive load on employee productivity

The demand or information system authentication has significantly increased over the last decade. Research has shown that the majority of user authentications remain to be password - based,however,itiswelldocumentedthatpasswordshavesignificantlimitations.Toaddress this issue,companieshavebeenplacingincreasedrequirementsontheusertoensuretheir passwords are more complex and consequently stronger with little consideration on the impact on employee productivity .Thus, this study was set to determine the effects of changing the password strength (cognitive load) overtime and its impact on employee productivity .A n experimentwithtwoexperimentalgroupsandonecontrolgroupwasconducted.Datawas collected on the number of failed operating system logon attempts, users’ logon times, task completion times, and number of reset requests.Thedatacollectedfrom72participantswas analyzed for group differences and when controlling for computer experience, age, and gender. Our results showed significant differences on all measures between the three groups. However, no significant differences were observed when controlling for computer experience, age, and gender. Furthermore, the results indicated a significant difference between the user’s perceptions about passwords before and after the experiment. Our results may help organizations to realize the point at which increasing authentication places a higher cognitive load on the users, which in turn affects their productivity

An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity

The proliferation of information systems (IS) over the past decades has increased the demand for system authentication. While the majority of system authentications are password-based, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger. In addition to meeting a certain complexity threshold, the password must also be changed on a regular basis. As the cognitive load increases on the employees using complex passwords and changing them often, they may have difficulty recalling their passwords. As such, the focus of this experimental study was to determine the effects of raising the cognitive load of the authentication strength for users upon accessing a system via increased strength for passwords requirements. This experimental research uncovered the point at which raising the authentication strength for passwords becomes counterproductive by its impact on end-user performances. To investigate the effects of changing the cognitive load (via different password strength) over time, a quasi-experiment was proposed. Data was collected in an effort to analyze the number of failed operating system (OS) logon attempts, users’ average logon times, average task completion times, and number of requests for assistance (unlock & reset account). Data was also collected for the above relationships when controlled for computer experience, age, and gender. This quasi-experiment included two experimental groups (Group A & B), and a control group (Group C). There was a total of 72 participants from the three groups. Additionally, a pretest-posttest experiment survey was administered before and after the quasi-experiment. Such assessment was done in an effort to see if user’s perceptions of password use would be changed by participating in this experimental study. The results indicated a significant difference between the user’s perceptions about passwords before and after the quasi-experiment. The Multivariate Analysis of Variance (MANOVA) and Multivariate Analysis of Covariate (MANCOVA) tests were conducted. The results revealed a significance difference on the number of failed logon attempts, average logon times, average task completion, and amount of request for assistance between the three groups (two treatment groups & the control group). However, no significant differences were observed when controlling for computer experience, age, and gender. This research study contributed to the body of knowledge and has implications for industry as well as for further study in the information systems domain. It contributed by giving insight into the point at which an increase of the cognitive load (via different password strengths) become counterproductive to the organization by causing an increase in number of failed OS logon attempts, users\u27 average logon times, average task completion times, and number of requests for assistance (unlock and reset account). Future studies may be conducted in the industry as results by differ from college students