research-article

Cultural and Gender Differences in Password Behaviors: Evidence from China, Turkey and the UK

Authors:

Burak MerdenyanAuthors Info & Claims

NordiCHI '16: Proceedings of the 9th Nordic Conference on Human-Computer Interaction

Article No.: 9, Pages 1 - 10

https://doi.org/10.1145/2971485.2971563

Published: 23 October 2016 Publication History

Abstract

A survey investigated the password behaviors of a sample of 202 men and women from three countries with very different cultures: China, Turkey and the UK. The survey covered four areas: the context of password use, password creation, password management and attitudes to passwords. A complex pattern of country and gender differences emerged, with most country differences in the context of password use and password creation behaviors, and gender differences in context of password use, password creation and management behaviors. There was little support for three hypotheses concerning cultural differences in password behaviors derived from the dimensions of Power Distance, Individualism-Collectivism, and Uncertainty Avoidance. However, the results suggest that both cultural background and gender need to be taken into account when studying users' password behaviors.

References

[1]

Adams, A. and Sasse, M.A. 1999. Users are not the enemy. Communication of the ACM 42, 12: 40--46.

Digital Library

[2]

Boothroyd, V. and Chiasson, S. 2013. Writing down your password: Does it help? Proceedings of the 11th Annual Conference on Privacy, Security and Trust, (PST 2013), pp. 267--274.

[3]

Brown, A.S., Bracken, E., Zoccoli, S. and Douglas, K. 2004. Generating and remembering passwords. Appl. Cogn. Psychol. 18, 641--651.

[4]

Bryant, K. and Campbell, J. 2006. User behaviors associated with password security and management. Australasian Journal of Information Systems 14, 1: 81--100.

[5]

Dhamija, R. and A. Perrig. 2000. Deja vu: A user study using images for authentication. Proceedings of the 9th USENIX Security. Symposium (USENIX 2000), 45--58.

Digital Library

[6]

Egelman, S., Sotirakopoulos, A., Muslukhov, I., Beznosov, K. and Herley, C. 2013. Does my password go up to eleven? The impact of password meters on password selection. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2379--2388.

Digital Library

[7]

Farcasin, M. and Chan-tin, E. 2015. Why we hate IT: two surveys on pre-generated and expiring passwords in an academic setting. Security and Communcation Networks, 8, 2361--2373.

Digital Library

[8]

Florencio, D. and Herley, C. 2007. A large-scale study of web password habits. Proceedings of the 16th International Conference on the World Wide Web (WWW '07), pp. 657--666.

Digital Library

[9]

Gaw, S. and Felten, E.W. 2006. Password management strategies for online accounts. Proceedings of the second symposium on Usable privacy and Security (SOUPS '06), pp. 44--66.

Digital Library

[10]

Grawemeyer, B. and Johnson, H. 2011. Using and managing multiple passwords: A week to a view. Interact. Comput. 23, 256--267.

Digital Library

[11]

Herley, C., van Oorschot, P.C. and Patrick, A.S. 2009. Passwords: if we're so smart, why are we still using them? In R. Dingledine and P. Golle (Eds.), Financial Cryptography and Data Security 2009 (LNCS 5628), pp 230--237.

Digital Library

[12]

Hofstede, G. 1980. Culture's Consequences: International Differences in Work-Related Values. Sage.

[13]

Hofstede, G., Pedersen, P. B. and Hofstede, G. H. 2002. Exploring Culture: Exercises, Stories and Synthetic Cultures. Nicholas Brealey.

[14]

Hoonakker, P., Bornoe, N. and Carayon, P. 2009. Password authentication from a human factors perspective: results of a survey among end-users. Proceedings of the Human Factors and Ergonomics Society 53rd Annual Meeting, HFS.

[15]

Huff, C. and Tingley, D. 2015. Who are these people? Evaluating the demographic characteristics and political preferences of MTurk survey respondents. Research and Politics, 1--15.

[16]

Inglesant, P. and M. A. Sasse, 2010. The true cost of unusable password policies: password use in the wild. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems.

Digital Library

[17]

Kaye, J. 2011. Self-reported password sharing strategies' Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2619--2622.

Digital Library

[18]

Kirkman, B.L., Lowe, K.B. and Gibson, C.B. 2006. A quarter century of Culture's Consequences: a review of empirical research incorporating Hofstede's cultural values framework. Journal of International Business Studies, 37, 285--320.

[19]

Klein, D. V. (1990). "Foiling the cracker": a survey of, and improvements to, password security. Proceedings of the 2nd USENIX Security Workshop. 5--14.

[20]

Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F. and Egelman, S. 2011. Of passwords and people: measuring the effect of password-composition policies. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595--2604.

Digital Library

[21]

Kumar, N. 2011. Password in practice: an usability study. Journal of Global Research in Computer Science, 2, 5, 107--112.

[22]

Maxim, M. and J. Duong. 2015. Benchmark your employee password policies and practices. Forrester Research.

[23]

Mazurek, M.L., Bauer, L., Christin, N. and. Cranor, L.F. 2010. Encountering stronger password requirements, Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS '10), p. 1.

Digital Library

[24]

Mazurek, M.L., Komanduri, S., Vidas, T., Bauer, L., Christin, N. Cranor, L.F., Kelley, P.G., Shay, R. and Ur, B. 2013. Measuring password guessability for an entire university. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS '13), pp 173--186.

Digital Library

[25]

Morris, R. and Thompson, K. 1979. Password security: a case history. Communication of the ACM 22, 11: 594--597.

Digital Library

[26]

Notoatmodjo, G. and Thomborson, C. 2009. Passwords and perceptions. Proceedings of the 7th Australasian Information Security Conference (AISC 2009). Wellington, New Zealand.

Digital Library

[27]

Proctor, R. W., Lien, M.-C., Vu, K.-P. L., Schultz, E. E., & Salvendy, G. 2002. Improving computer security for authentication of users: Influence of proactive password restrictions. Behavior Research Methods, Instruments, & Computers, 34, 2, 163--169.

[28]

Riddle, B. L., Miron, M.S. and Semo, J.A. 1989. Passwords in use in a university timesharing environment. Computers and Security 8: 569--579.

Digital Library

[29]

Sasse, M. A., Brostoff, S. and Weirich, D. 2001. Transforming the weakest link: a human-computer interaction approach to usable and effective security. BT Technology Journal 19, 3: 122--131.

Digital Library

[30]

Sasse, M.A., Steves, M., Krol, K. and Chisnell, D. 2014. The great authentication fatigue -- and how to overcome it. In P.L.P. Pau (Ed.), Cross Cultural Design (LNCS 8528), 228--239.

[31]

Shay, R., Komanduri, S., Kelley, P.G., Leon, P.G., Mazurek, M.L., Bauer, L., Christin, N. and Cranor, L.F. 2010. Encountering stronger password requirements: user attitudes and behaviorss. Proceedings of the Symposium on Usable and Privacy and Security (SOUPS). New York: ACM Press.

Digital Library

[32]

Singh, S., Cabraal, A., Demosthenous, C. Astbrink, G. and Furlong, M. 2007. Password Sharing: Implications for Security Design Based on Social Practice, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 895--904.

Digital Library

[33]

Tam, L., Glassman, M. and Vandenwauver, M. 2010. The psychology of password management: a tradeoff between security and convenience. Behaviors and Information Technology, 29, 3, 233--244.

Digital Library

[34]

Ur, B., Kelley, P.G., Komanduri, S., Lee, J., Maass, M., Mazurek, M.L., Passaro, T., Shay, R., Vidas, T., Bauer, L., Christin, N. and Cranor, L.F. 2012. How does your password measure up? The effect of strength meters on password creation. Proceedings of the 21st USENIX Security Symposium.

Digital Library

[35]

Voyiatzis, A. G., Fidas, C.A., Serpanos, D.N. and Avouris, N.M. 2011. An empirical study on the web password strength in Greece. Proceedings of the 15th Panhellenic Conference on Informatics (PCI), 212--216.

Digital Library

[36]

Vu, K.-P. L., Proctor, R. W., Bhargav-Spantzel, A., Tai, B.-L. (Belin), Cook, J., & Eugene Schultz, E. 2007. Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies, 65(8), 744--757.

Digital Library

[37]

Wang, W., Wang, H. and Meng, Y. 2013. A large-scale survey on password habits of internet users in China. Journal of Convergence Information Technology, 8, 4.

[38]

Yan, J., Blackwell, A., Anderson, R. and Grant, A. 2004. Password memorability and security: empirical results. IEEE Security and Privacy September/October: 25-30.

Digital Library

[39]

Zhang, J., Luo, X., Akkaladevi, S. and Ziegelmayer, J. 2009. Improving multiple-password recall: an empirical study. European Journal of Information Systems, 1--12.

[40]

Zviran, M. and Haga, W. J. 1990. Cognitive passwords: the key to easy access control. Computers and Security 9, 8: 723--736.

Digital Library

[41]

Zviran, M. and Haga, W.J. 1993. A comparison of password techniques for multilevel authentication mechanisms. The Computer Journal 36, 3: 227--237.

[42]

Zviran, M. and Haga, W.J. 1999. Password security: an empirical study. J. Manag. Inf. Syst. 15, 161--185.

Digital Library

Cited By

Saleh MElagroudy PLukowicz PSturm C(2024)Ghost Readers of the Nile: Decrypting Password Sharing Habits in Chatting Applications among Egyptian WomenProceedings of the ACM on Human-Computer Interaction10.1145/36765068:MHCI(1-43)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676506
D. Guillén-Gámez FMartínez-García IAlastor ETomczyk Ł(2024)Digital Competences in Cybersecurity of Teachers in TrainingComputers in the Schools10.1080/07380569.2024.236161441:3(281-306)Online publication date: 5-Jul-2024
https://doi.org/10.1080/07380569.2024.2361614
Pathak RAggarwal AAiswarya RRaveendran JShukla MBanahatti VLodha S(2024)Design and Evaluation of a Password Diversifier ToolProceedings of the 14th Indian Conference on Human-Computer Interaction10.1007/978-981-97-4335-3_3(51-74)Online publication date: 3-Aug-2024
https://doi.org/10.1007/978-981-97-4335-3_3
Show More Cited By

Index Terms

Cultural and Gender Differences in Password Behaviors: Evidence from China, Turkey and the UK
1. Human-centered computing

Recommendations

Password Challenges for Older People in China and the United Kingdom
Computers Helping People with Special Needs
Abstract
As vital services are moving increasingly online, it is important that everyone, including older people, can access them. Both high risk and many low risk online services require password authentication. Although there has been some research ...
Pocket Password Book (Password): A discreet internet password organizer
Password Book: Password Journal / Password Organizer / Password Keeper / Internet Usernames and Passwords / Internet Password Logbook A Passkey Log ... seamless pattern collection) (Volume 48)

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

NordiCHI '16: Proceedings of the 9th Nordic Conference on Human-Computer Interaction

October 2016

1045 pages

ISBN:9781450347631

DOI:10.1145/2971485

General Chairs:
Staffan Björk
University of Gothenburg
,
Eva Eriksson
Chalmers University of Technology
,
Program Chairs:
Morten Fjeld
Chalmers University of Technology
,
Susanne Bødker
University of Aarhus
,
Publications Chairs:
Wolmet Barendregt
University of Gothenburg
,
Mohammad Obaid
Chalmers University of Technology

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Chalmers University of Technology
SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

NordiCHI '16

NordiCHI '16: 9th Nordic Conference on Human-Computer Interaction

October 23 - 27, 2016

Gothenburg, Sweden

Acceptance Rates

NordiCHI '16 Paper Acceptance Rate 58 of 231 submissions, 25%;

Overall Acceptance Rate 379 of 1,572 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
611
Total Downloads

Downloads (Last 12 months)55
Downloads (Last 6 weeks)5

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Saleh MElagroudy PLukowicz PSturm C(2024)Ghost Readers of the Nile: Decrypting Password Sharing Habits in Chatting Applications among Egyptian WomenProceedings of the ACM on Human-Computer Interaction10.1145/36765068:MHCI(1-43)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676506
D. Guillén-Gámez FMartínez-García IAlastor ETomczyk Ł(2024)Digital Competences in Cybersecurity of Teachers in TrainingComputers in the Schools10.1080/07380569.2024.236161441:3(281-306)Online publication date: 5-Jul-2024
https://doi.org/10.1080/07380569.2024.2361614
Pathak RAggarwal AAiswarya RRaveendran JShukla MBanahatti VLodha S(2024)Design and Evaluation of a Password Diversifier ToolProceedings of the 14th Indian Conference on Human-Computer Interaction10.1007/978-981-97-4335-3_3(51-74)Online publication date: 3-Aug-2024
https://doi.org/10.1007/978-981-97-4335-3_3
Jensen CKarresand MGaba GGurtov AÖhrn E(2024)Are Swedish Passwords Tougher Than the Rest?Secure IT Systems10.1007/978-3-031-79007-2_1(3-21)Online publication date: 6-Nov-2024
https://dl.acm.org/doi/10.1007/978-3-031-79007-2_1
Juozapavičius ABrilingaitė ABukauskas LLugo R(2022)Age and Gender Impact on Password HygieneApplied Sciences10.3390/app1202089412:2(894)Online publication date: 16-Jan-2022
https://doi.org/10.3390/app12020894
Aiswarya Raveendran JBanahatti V(2022)Behavioral attributes in password reuse: Analysis of password practices in work and personal spacesProceedings of the 13th Indian Conference on Human-Computer Interaction10.1145/3570211.3570212(1-19)Online publication date: 9-Nov-2022
https://dl.acm.org/doi/10.1145/3570211.3570212
Grobler MChamikara MAbbott JJeong JNepal SParis C(2020)The importance of social identity on password formulationsPersonal and Ubiquitous Computing10.1007/s00779-020-01477-1Online publication date: 7-Nov-2020
https://doi.org/10.1007/s00779-020-01477-1
Jeong JGrobler MChamikara MRudolph C(2019)Fuzzy Logic Application to Link National Culture and Cybersecurity Maturity2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC48465.2019.00046(330-337)Online publication date: Dec-2019
https://doi.org/10.1109/CIC48465.2019.00046
Merdenyan BPetrie H(2019)Perceptions of Risk, Benefits and Likelihood of Undertaking Password Management Behaviours: Four ComponentsHuman-Computer Interaction – INTERACT 201910.1007/978-3-030-29381-9_34(549-563)Online publication date: 2-Sep-2019
https://dl.acm.org/doi/10.1007/978-3-030-29381-9_34
Merdenyan BPetrie H(2018)Generational differences in password management behaviourProceedings of the 32nd International BCS Human Computer Interaction Conference10.14236/ewic/HCI2018.60(1-10)Online publication date: 4-Jul-2018
https://dl.acm.org/doi/10.14236/ewic/HCI2018.60
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten