Creating Systems Without Considering The Users

There have been many efforts to create systems without considering the users. Furnell (2007) found that while the rules for password creation had been clearly established, websites were doing little to educate users. Campbell et al. (2011) tested a system that did enforce proper password creation but seemed perplexed as to why this did not reduce password reuse or the incorporation of personal information into passwords. This highlights one obvious problem in password research: a hyper-focus on users' ability to remember a single password, while ignoring that users need passwords for dozens of applications (Grawemeyer & Johnson, 2011).
Instead of treating users as a liability, system designers need to recognize users are …

When viewed in totality, these examples plainly bear out the previously noted maxim that users can be expected to remember at most five distinct passwords used on a regular basis (Adams & Sasse, 1999). Understanding and accepting these human constraints and limitations is key to developing any robust and secure password schema.
This does not imply a perfectly secure system can be designed. With enough time, any system can be breached (Katz, Ostrovsky, & Yung, 2009). Instead, a reasonably secure password schema needs to be derived. It should keep users relatively safe while affording them the ability to manage passwords without concern of forgetting them or recording them.
With those criteria for success in mind, there have been some efforts made to meet the needs of the users. Duggan, Johnson, and Grawemeyer (2012) analyzed company needs and suggested password requirements be customized to individual users. While their intentions are laudable, the practicality of their suggestions can be questioned. Most corporations will not see the cost benefit of investing numerous man-hours in implementing such a wide-ranging schema.
Likewise, Ganesan (2016) proposes a single sign-on solution for companies with an Enterprise architecture in place. While this might be good for large corporations, smaller companies may not have the
