passwords in the news

I can’t find it now, but I remember reading recently about another “cross-discipline” team that discovered all sorts of interesting things, because each member of the team had a different way of looking at the data. Now a PKI research group has attached a sociologist to the team, and that is “starting to produce insight”:http://www.dartmouth.edu/~deploypki/summit04/presentations/PKIUserBehavior.ppt:

bq. A recent survey found that 75 percent of Dartmouth students have shared their network passwords. “They like having people who know their password,” explained “Denise Anthony”:http://www.dartmouth.edu/~socy/faculty/anthony.html, a sociologist who spoke at the PKI summit conference I attended earlier this month. “They like having someone who can check their e-mail for them or log them in to places where they’re supposed to be.”

bq. Professor Anthony’s talk was dramatically different and showed why it was a really smart move to attach a sociologist to Dartmouth’s PKI research group. As security technologists, we’re easily dazzled by our shiny cryptographic swords. But while we’re brandishing our swords, our users — like Indiana Jones in that famous scene from Raiders of the Lost Ark — might simply pull out their guns and shoot us. Better security protocols alone can’t thwart such game-changing behavior. We need to understand what motivates the behavior and figure out which carrots and sticks will influence it.

bq. It’s a given that most people take the path of least resistance. So, for example, two-thirds of Dartmouth students never change their passwords during their four years of enrollment. And most reuse their internal passwords for external sites such as The New York Times and Amazon.com. How do they perceive the risk associated with such behavior? According to Anthony, it’s a tragedy of the commons. The network is a collective resource, but people connected to the network feel that they’re consuming a private good. Their subjective view, she says, is this: “I’m in my office. I’m using my computer. It doesn’t feel like I’m part of a group. I don’t recognize how my behavior affects you.”

InfoWorld: Tragedy of the network commons

posted at 9:44 am on Wednesday, August 11, 2004 in Science and Technology, Security | Comments Off on passwords in the news

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.