Encouraging password manager adoption by meeting adopter self-determination needs

Password managers are a potential solution to the password conundrum, but adoption is paltry. We investigated the impact of a recommender application that harnessed the tenets of self-determination theory to encourage adoption of password managers. This theory argues that meeting a person's autonomy, relatedness and competence needs will make them more likely to act. To test the power of meeting these needs, we conducted a factorial experiment, in the wild. We satisfied each of the three self determination factors, and all individual combinations thereof, and observed short-term adoption of password managers. The Android recommender application was used by 470 participants, who were randomly assigned to one of the experimental or control conditions. Our analysis revealed that when all self-determination factors were satisfied, adoption was highest, while meeting only the autonomy or relatedness needs individually significantly improved the likelihood of adoption

Encouraging Password Manager Adoption by Meeting Adopter Self-Determination Needs

Password managers are a potential solution to the password conundrum, but adoption is paltry. We investigated the impact of a recommender application that harnessed the tenets of self-determination theory to encourage adoption of password managers. This theory argues that meeting a person\u27s autonomy, relatedness and competence needs will make them more likely to act. To test the power of meeting these needs, we conducted a factorial experiment, in the wild. We satisfied each of the three self determination factors, and all individual combinations thereof, and observed short-term adoption of password managers. The Android recommender application was used by 470 participants, who were randomly assigned to one of the experimental or control conditions. Our analysis revealed that when all self-determination factors were satisfied, adoption was highest, while meeting only the autonomy or relatedness needs individually significantly improved the likelihood of adoption

The light side of passwords: Turning motivation from the extrinsic to the intrinsic research in progress

There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark side phenomena, including security technostress; with many users feeling negatively towards them, as they struggle to cope with the sheer numbers required in their everyday lives. Much research has attempted to understand users’ interactions with passwords, examining the trade-off between security, memorability, user convenience, and suggesting techniques to manage them better. However, users continue to struggle. Many studies have shown that users are more concerned with goals other than security, such as convenience and memorability. Therefore, we need to offer another reason that will entice users to engage with the password process more securely. In this study, we suggest that engaging with the password process (creating, learning and recalling passwords) well, is similar to memory training. Therefore, we propose that the “light side” of passwords – the positive reason for properly creating and learning strong passwords, and recalling them successfully, will improve users’ memories for passwords and memory functioning in general. Consequently, changing their motivation from an extrinsic goal to an intrinsic goal – improved memory functioning

Why Users (Don’t) Use Password Managers at a Large Educational Institution

We quantitatively investigated the current state of Password Manager (PM) usage and general password habits at a large, private university in the United States. Building on prior qualitative findings from SOUPS 2019, we survey n=277 faculty, staff, and students, finding that 77% of our participants already use PMs, but users of third-party PMs, as opposed to browser-based PMs, were significantly less likely to reuse their passwords across accounts. The largest factor encouraging PM adoption is perceived ease-of-use, indicating that communication and institutional campaigns should focus more on usability factors. Additionally, our work indicates the need for design improvements for browser-based PMs to encourage less password reuse as they are more widely adopted

The Identification of Staff Nurses as Organizational Champions: A Dissertation

The characteristics of nurses acting as organizational champions, as well as the ways that clinical leaders systematically harness the energy of these champions in support of innovation, were explored in this qualitative descriptive study. The specific aims were guided by prior empirical evidence and identified research needs. Semi-structured interviews were conducted with 14 formal nursing leaders (e.g. managers, educators, administration) in an academic medical center. This study, including the interview guide, was informed by Kouzes and Posner’s (2007) Five Practices of Exemplary Leadership. Two models were developed to describe the data. Overall, participants echoed prior empirical findings identifying a need for organizational champions’ support of innovation and explained how some nurses seem to have “innate” characteristics that make them champions. Participants identified the champion as the “go to” person who can see the bigger picture and who seems to “own their own practice”. They described the importance of being truly present on the unit in order to harness the energy of these champions. Once champions are identified, leaders match the champions’ talents to the innovation planned, secure buy in from the champions, and actively work to support champions and get a culture of innovation “in the drinking water.” This work enhances the leader’s experience and makes him/her feel inspired and engaged. The two models developed based on the participants’ description of their experience working with staff nurses acting as organizational champions provide a framework for clinical leaders to identify and engage organizational champions in their clinical areas in support of innovation

The Design and Development of an Interactive Story for Security Education: A Case Study on Password Managers

Password managers allow us to generate unique passwords that ultimately protect our accounts and improve our password management. Despite being one of the most common security advice, adaption of password managers remain low. The complexity and magnitude of security advice leave users pondering about the best decision to keep themselves safe online. Indeed, it is generally better to learn concepts through a feedback loop, where we are informed, make a decision, and ultimately experience the consequences of our decisions. This feedback loop is absent in the traditional way security advice is given. In this thesis, I explore the potential of using interactive stories (Choose-Your-Own Adventure stories) to simulate security consequences to convey lessons and risks. Through participatory design, survey methods, interviews, and learning science principles, I developed and validated a comprehensive and effective interactive story to be used in security education. The results of this thesis show a promising approach of using interactive stories in the security education ecosystem.Master of ScienceInformation, School ofUniversity of Michiganhttp://deepblue.lib.umich.edu/bitstream/2027.42/162553/1/Sugatan_Carlo_Final_MTOP_Thesis_20200429.pd

Strategies That Mitigate IT Infrastructure Demands Produced by Student BYOD Usa

The use of bring your own devices (BYOD) is a global phenomenon, and nowhere is it more evident than on a college campus. The use of BYOD on academic campuses has grown and evolved through time. The purpose of this qualitative multiple case study was to identify the successful strategies used by chief information officers (CIOs) to mitigate information technology infrastructure demands produced by student BYOD usage. The diffusion of innovation model served as the conceptual framework. The population consisted of CIOs from community colleges within North Carolina. The data collection process included semistructured, in-depth face-to-face interviews with 9 CIOs and the analysis of 25 documents, all from participant case organizations. Member checking was used to increase the validity of the findings. During the data analysis phase, the data were coded, sorted, queried, and analyzed obtained from semistructured interviews and organizational documentation with NVivo, a qualitative data analysis computer software package. Through methodological triangulation, 3 major themes emerged from the study: the importance of technology management tools, the importance of security awareness training, and the importance of BYOD security policies and procedures. These themes highlight successful strategies employed by CIOs. The implications for positive social change as a result of this study include creating a more positive experience for students interacting with technology on campus. Effects on social change will also arise by increasing a student\u27s mindfulness through security awareness programs, which will empower the student to take more control of their online presence and as they pass that information along to family and friends

BYPASS: RECONSIDERING THE USABILITY OF PASSWORD MANAGERS

Since passwords are an unavoidable mechanism for authenticating to online services, experts often recommend using a password manager for better password security. However, adoption of password managers is low due to poor usability, the difficulty of migrating accounts to a manager, and users' sense that a manager will not add value. In this work, we present ByPass, a novel password manager that is placed between the user and the website for secure and direct communication between the manager and websites. This direct communication allows ByPass to minimize the users' actions needed to complete various password management tasks, including account registration, logins, and password changes. ByPass is designed to minimize errors and improve usability. Our goal is to create a space where security could be the users' primary task, and allow them to focus cleanly and consistently on account management tasks. The constancy of the ByPass interface is intended to allow users a greater sense of control over their passwords and accounts. By using the API to move account interactions into this space, we hope to create an interface where users knew where to address security concerns, and access the controls to address those concerns. Current password managers hint at this functionality (and include innovative tools, such as security audits) but their placement outside the authentication interaction hampers the functionality they are able to support. We conducted a usability evaluation of ByPass and found that this approach shows promising usability, and can help users to better manage their accounts in a secure manner. We also conducted a security analysis of ByPass and showed the security improvements that can be achieved with the support of APIs for password managers. Our study shows that many known security vulnerabilities can be eradicated from the foundation of password managers, and significant usability can be gained with the inclusion of APIs support for password managers