Development of human factor password guidelines for authentication with passwords

With technology being ever present in organizations, it is prudent to believe that new challenges develop along with new technological breakthroughs. In a world of ever increasing technological advances, users of technology are at risk of overloading human memory limitations as the number and complexity of passwords, user Id's, and other electronic identifiers increase. The role that understanding human factors (HF) limitations plays in the development of a security policy from a password authentication standpoint is in minimizing the demands that passwords place on the human memory system. The problem is defined to be "the identification and management of vulnerabilities due to the proliferation of personal and professional authentication needs in information systems." This research focused on the link between password and workload issues on human memory limitations. A model was developed for HF practitioners and information technology (IT) professionals to use in determining the vulnerabilities that password practices are producing on their information systems. This model enables researchers to identify specific password issues and workload issues that make a system vulnerable to security breaches.; This research evaluated how passwords and humans impact the security of information systems and how human error (HE) in information security can be reduced or eliminated in systems. This research produced methods that were useful in mitigating the risks that result when these demands exceed human capabilities by developing HF password guidelines for authentication with passwords. The HF guidelines for passwords were created that enable an individual to choose a strong password that is acceptable to the IT community yet be a password that does not exceed human memory limitations. The research indicated that reduced demands are placed on human memory capabilities since the passwords are comprised of data that can be easily retrieved from memory. This research helps those that design security policies through providing applicable and understandable simplistic guidelines for information system users that reduce the vulnerabilities produced by information systems within organizations and increase the trust that can be placed in the users of information systems.