Assessing the User Experience of Password Reset Policies in a University

Organisations may secure system access through use of passwords that comply with defined complexity rules. It may be required that passwords be changed regularly, using an in-person or online helpdesk. Helpdesk logs record password change events and support requests, but overlook the impact of compliance upon end-user productivity. System managers are not incentivised to investigate these impacts, so productivity costs remain with the end-user. We investigate how helpdesk log data can be analysed and augmented to expose the personal costs. Here we describe exploratory analysis of a university’s helpdesk log data, spanning 30 months and 500,000 system events for approximately 10,000 staff and 20,000-plus students. End-user costs were identified, where follow-on interviews and NASA-RTLX assessments with 20 students informed issues which log data did not adequately describe. The majority of users reset passwords before expiration (75% of log events). Log analysis indicated that the online self-service system was vastly preferred to the helpdesk, but that there was a 4:1 ratio of failed to successful attempts to recover account access. Log data did not describe the effort in managing passwords, where interviews exposed points of frustration. Participants saw the need for security but voiced a lack of understanding of the numerous restrictions on passwords. Frustrations led to adoption of diverse coping strategies. We propose ways to improve support, including real-time communication of reasons for failed password creation attempts, and measurement of timing for both successful and failed login attempts

Reviewing the integration of patient data: how systems are evolving in practice to meet patient needs

<p>Abstract</p> <p>Background</p> <p>The integration of Information Systems (IS) is essential to support shared care and to provide consistent care to individuals – patient-centred care. This paper identifies, appraises and summarises studies examining different approaches to integrate patient data from heterogeneous IS.</p> <p>Methods</p> <p>The literature was systematically reviewed between 1995–2005 to identify articles mentioning patient records, computers and data integration or sharing.</p> <p>Results</p> <p>Of 3124 articles, 84 were included describing 56 distinct projects. Most of the projects were on a regional scale. Integration was most commonly accomplished by messaging with pre-defined templates and middleware solutions. HL7 was the most widely used messaging standard. Direct database access and web services were the most common communication methods. The user interface for most systems was a Web browser. Regarding the type of medical data shared, 77% of projects integrated diagnosis and problems, 67% medical images and 65% lab results. More recently significantly more IS are extending to primary care and integrating referral letters.</p> <p>Conclusion</p> <p>It is clear that Information Systems are evolving to meet people's needs by implementing regional networks, allowing patient access and integration of ever more items of patient data. Many distinct technological solutions coexist to integrate patient data, using differing standards and data architectures which may difficult further interoperability.</p

Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics

International audienceToday’s biometric authentication systems are still struggling with replay attacks and irrevocable stolen credentials. This paper introduces a biometric protocol that addresses such vulnerabilities. The approach prevents identity theft by being based on memory creation biometrics. It takes inspiration from two different authentication methods, eye biometrics and challenge systems, as well as a novel biometric feature: the pupil memory effect. The approach can be adjusted for arbitrary levels of security, and credentials can be revoked at any point with no loss to the user. The paper includes an analysis of its security and performance, and shows how it could be deployed and improved

Heterogeneous databases integration in a hospital information systems environment: a bottom-up approach.

The paper describes the problem of heterogeneous databases, discusses the need for an integrated hospital information system and provides a five-step method for integrating heterogeneous databases in the hospital environment. The scope of this method facilitates the integration of medical, administrative and fiscal information elements of a hospital into a unified environment

End-user effectiveness: A cross-cultural examination

This study tests the proposed effect of national environments on end-user computing (EUC). Data were collected from seven American and ten Israeli companies. The participants were 138 Israeli end-users and 156 US end-users, all holding managerial positions. The results indicate some major differences between the two samples; Israeli managers had more computer experience and training than US managers, while US managers reported a much higher level of information center support and showed more favorable attitudes toward EUC than did their Israeli counterparts. Significant differences were also found between the two cultures in end-user satisfaction and overall system usage; US managers were found to be less satisfied with their information systems and used them less frequently than Israeli managers. On the other hand, Israeli managers reported using the system for fewer tasks and features. These findings are discussed and conclusions are drawn concerning the need for cross-cultural studies in the information systems field in general and in end-user computing in particular.information systems end-user computing effectiveness