TOWARDS ASSESSING PASSWORD WORKAROUNDS AND PERCEIVED RISK TO DATA BREACHES FOR ORGANIZATIONAL CYBERSECURITY RISK MANAGEMENT TAXONOMY

Abstract

Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has made it clear that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. Despite users being more aware of password entropy, users still often participate in deviant password behaviors, also known as ‘password workarounds’ or ‘shadow security’. These deviant password behaviors can put individuals and organizations at risk, resulting in data privacy issues, data loss, and ultimately a data breach incident. In this paper, we outline a research-in-progress study to build a risk taxonomy for organizations that identifies the risks associated with deviant password behaviors, based on the constructs of users’ perceived cybersecurity risk of data breaches resulting from PassWord WorkArounds (PWWA) techniques. Additionally, this study aims to empirically assess significant mean differences between Subject Matter Experts (SMEs) and employees on their perceived cybersecurity risk of data breaches resulting from the deviant password behaviors and their frequency of PWWA techniques usage.
