Investigation the role of personality and individual differences on password security breaches: An Empirical Study
Authors: Zahra Karimi 1, Manije Kaveh 2, Rezvan Salehi 3, Milad Moltaji 4
1 - Computer Science Department, Shahrekord University
2 - Assistant Professor of Counseling and Psychology Department
3 - Assistant Professor
4 - Shahrekord University
Keywords: cyber security, password, personality, gender, field of study, correlational analysis
Abstract:
Individual differences among Information Technology users influence the selection and maintenance of passwords. To fill this gap, this paper studies the relationships between gender, personality, education level and field of study on the one hand and password security on the other. The method was descriptive and correlational. A sample selected by convenience sampling answered the NEO Five-Factor Model, biographical and password security behavior questionnaires. The data of 529 accepted questionnaires were analyzed using Pearson, t-test, ANOVA and regression. The results showed that male users select stronger passwords compared to female users. Users in mathematical science, computer science, and accounting breached password security more often than users in other majors. Neuroticism has a positive relationship, Openness-to-Experience and Agreeableness have negative relationships, and Conscientiousness has a dual relationship with password security breach. These findings contribute to cybersecurity, especially in Iran, by considering individual differences in security behaviors and perceptions.