{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:27:29Z","timestamp":1754155649988,"version":"3.41.2"},"reference-count":28,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2014,10,7]],"date-time":"2014-10-07T00:00:00Z","timestamp":1412640000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,10,7]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 The purpose of this paper is to extend the results of a Norwegian password security survey. Research, especially in the early 21st century, has shown that education is needed to change people\u2019s behaviour regarding password generation, management and storage. As our daily routines and duties have become more dependent on electronic services in the last decade, one could think that qualitative education is nowadays given to users. This survey is to verify that assumption. <\/jats:p>\n <\/jats:sec>\n \n Methodology<\/jats:title>\n \u2013 A nation-wide demographic survey among employees in Norway with a sample of 1,003 respondents at the ages of 18-64 years was conducted in October 2012. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 The results show that the education or proper guidance seldom is given leading to the outdated users\u2019 behaviour. <\/jats:p>\n <\/jats:sec>\n \n Research limitations<\/jats:title>\n \u2013 The results of the study are limited to the employed only and they do not explain behaviour of students, teenagers or children. <\/jats:p>\n <\/jats:sec>\n \n Social implications<\/jats:title>\n \u2013 During the current year, the results of the study have been discussed several times in national media and, hopefully, have an impact to employees\u2019 behaviour. The results have also been used in the National Security Month campaign in October 2013. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 The questionnaire itself is not unique. However, the large amount of respondents gives higher value to the results.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/imcs-10-2013-0079","type":"journal-article","created":{"date-parts":[[2014,10,29]],"date-time":"2014-10-29T06:51:52Z","timestamp":1414565512000},"page":"346-357","source":"Crossref","is-referenced-by-count":3,"title":["Extended results of Norwegian password security survey"],"prefix":"10.1108","volume":"22","author":[{"given":"Kirsi","family":"Helkala","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tone","family":"Hodd\u00f8 Bak\u00e5s","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020122802182365700_b1","unstructured":"Benediktsson, A.\n (2012), \u201cPassordh\u00e5ndtering\u201d, available at: www.hardware.no\/artikler\/passordhaandtering\/78112 (accessed 8 January 2013)."},{"key":"key2020122802182365700_b2","unstructured":"Bonneau, J.\n and \n Preibusch, S.\n (2010), \u201cThe password thicket: technical and market failures in human authentication on the web\u201d, Proceedings of Workshop on the Economics of Information Security 2010."},{"key":"key2020122802182365700_b3","unstructured":"CSID\n (2012), \u201cComsumer survey: password habits\u201d, available at: www.csid.com\/wp-content\/uploads\/2012\/09\/CS_PasswordSurvey_FullReport_FINAL.pdf (accessed 8 January 2013)."},{"key":"key2020122802182365700_b4","unstructured":"Eid, A.\n (2013), \u201cNorsk passordekspert:- slik lager du et sikkert passord\u201d, available at: www.tv2.no\/nyheter\/innenriks\/norsk-passordekspert-slik-lager-du-et-sikkert-passord-3976189.html (accessed 07 October 2013)."},{"key":"key2020122802182365700_b5","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio, D.\n and \n Herley, C.\n (2010), \u201cWhere do security policies come from?\u201d, Proceedings of Symposium on Usable Privacy and Security (SOUPS 2010).","DOI":"10.1145\/1837110.1837124"},{"key":"key2020122802182365700_b6","unstructured":"Gibson Research Corporation Web Site (GRC)\n (2013), \u201cPerfect passwords\u201d, available at: www.grc.com\/passwords.htm (accessed 12 January 2013)."},{"key":"key2020122802182365700_b7","unstructured":"Haley, K.\n (2010), \u201cSymantec - password survey results\u201d, available at: www.symantec.com\/connect\/blogs\/password-survey-results (accessed 8 January 2013)."},{"key":"key2020122802182365700_b8","unstructured":"Hegle, H.\n (2013), \u201cSlik lager du et idiotsikkert passord\u201d, available at: www.dagensit.no\/article2625468.ece (accessed 07 October 13)."},{"key":"key2020122802182365700_b9","doi-asserted-by":"crossref","unstructured":"Helkala, K.\n (2011), \u201cPassword education based on guidelines tailored to different password categories\u201d, Journal of Computers, Vol. 6 No. 5.","DOI":"10.4304\/jcp.6.5.969-975"},{"key":"key2020122802182365700_b10","doi-asserted-by":"crossref","unstructured":"Helkala, K.\n , \n Svendsen, N.K.\n , \n Thorsheim, P.\n and \n Wiehe, A.\n (2012), \u201cCracking associative passwords\u201d, Proceeding 17th Nordic Conference, NordSec 2012, LNCS, Vol. 7617, pp. 153-168.","DOI":"10.1007\/978-3-642-34210-3_11"},{"key":"key2020122802182365700_b11","doi-asserted-by":"crossref","unstructured":"Hoonakker, P.\n , \n Bornoe, N.\n and \n Carayon, P.\n (2009), \u201cPassword authentication from a human factors perspective: results of a survey among end-users\u201d, Proceedings of the Human Factors and Ergonomics Society 53rd Annual Meeting, pp. 459-463.","DOI":"10.1177\/154193120905300605"},{"key":"key2020122802182365700_b12","doi-asserted-by":"crossref","unstructured":"Horcher, A.M.\n and \n Tejay, G.P.\n (2009), \u201cBuilding a better password: the role of cognitive load in information security training\u201d, Proceedings of IEEE International Conference on Intelligence and Security Informatics, ISI, pp. 113-118.","DOI":"10.1109\/ISI.2009.5137281"},{"key":"key2020122802182365700_b13","unstructured":"Junglemap Corporation Web Site\n (2013), available at: www.junglemap.com\/ (accessed 15 January 2013)."},{"key":"key2020122802182365700_b14","doi-asserted-by":"crossref","unstructured":"Katz, F.H.\n (2005), \u201cThe effect of a university information security survey on instruction methods in information security\u201d, Proceedings of the Information Security Curriculum Development Conference, pp. 43-48.","DOI":"10.1145\/1107622.1107633"},{"key":"key2020122802182365700_b15","unstructured":"Korneliussen, S.O.\n (2013), \u201cHver av oss har 25 passord\u201d, available at: www.f-b.no\/nyheter\/hver-av-oss-har-25-passord-1.7820030?fb_comment_id=fbc_431866916902221_2865202_431899723565607#f37d48e0e8 (accessed 07 October 2013)."},{"key":"key2020122802182365700_b16","doi-asserted-by":"crossref","unstructured":"Kuhn, T.B.\n and \n Garrison, C.\n (2009), \u201cA survey of passwords from 2007 to 2009\u201d, Information Security Curriculum Development Conference, InfoSecCD\u201909, pp. 91-94.","DOI":"10.1145\/1940976.1940994"},{"key":"key2020122802182365700_b17","unstructured":"Kumar, N.\n (2011), \u201cPassword in practice: an usability survey\u201d, Journal of Global Research in Computer Science, Vol. 2 No. 5, pp. 107-112."},{"key":"key2020122802182365700_b18","unstructured":"Mehus, C.\n (2013), \u201cBortkommen i passordt\u00e5ka?\u201d, available at: www.idg.no\/pcworld\/tips_og_guider\/sikkerhet\/article268050.ece?curPage=4 (accessed 08 October 13)."},{"key":"key2020122802182365700_b19","unstructured":"N\u00e6ringslivets sikkerhetsr\u00e5d (NSR)\n (2012), \u201cM\u00f8rketallsunders\u00f8kelse 2012\u201d, available at: www.nsr-org.no\/getfile.php\/Dokumenter\/NSR%20publikasjoner\/M%C3%B8rketallsunders%C3%B8kelsen\/moerketall_2012.pdf"},{"key":"key2020122802182365700_b20","unstructured":"Nasjonal sikkerhets myndighet Corporation Web Site\n (2002), \u201cVeiledning til $ 5-26: Utarbeidelse av brukerinsturks\u201d, available at: www.nsm.stat.no\/Documents\/Veiledninger\/Veiledning%20i%20Utarbeidelse%20av%20Brukerinstruks%20versjon%202-0.pdf (accessed 8 January 2013)."},{"key":"key2020122802182365700_b21","unstructured":"NIST Special Publication\n (2009), \u201cGuide to enterprise password management\u201d, available at: csrc.nist.gov\/publications\/drafts\/800-118\/draft-sp800-118.pdf"},{"key":"key2020122802182365700_b22","unstructured":"NorSIS\n (2012a), \u201cPassordvett\u201d, available at: www.norsis.no\/veiledninger\/Passord.html (accessed 8 January 2013)."},{"key":"key2020122802182365700_b23","unstructured":"NorSIS\n (2012b), \u201cVi gjenbruker passordene v\u00e5re\u201d, available at: www.norsis.no\/nyheter\/2012-12-8-NorSIS-passordundersoekelse.html (accessed 07 October 2013)."},{"key":"key2020122802182365700_b24","unstructured":"Sasse, M.A.\n , \n Brostoff, S.\n and \n Weirich, D.\n (2001), \u201cTransforming the \u201cweakest link-human\/computer interaction approach to usable and effective security\u201d, BT Technology, Vol. 19 No. 19, pp. 122-131."},{"key":"key2020122802182365700_b25","doi-asserted-by":"crossref","unstructured":"Shay, R.\n , \n Komanduri, S.\n , \n Kelley, P.G.\n , \n Leon, P.G.\n , \n Mazurek, M.L.\n , \n Bauer, L.\n , \n Christin, N.\n and \n Cranor, L.F.\n (2010), \u201cEncountering stronger password requirements: user attitudes and behaviors\u201d, Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2010).","DOI":"10.1145\/1837110.1837113"},{"key":"key2020122802182365700_b26","doi-asserted-by":"crossref","unstructured":"Talib, S.\n , \n Clarke, N.L.\n and \n Furnell, S.M.\n (2010), \u201cAn analysis of information security awareness within home and work environments\u201d, Proceedings of ARES \n 10, pp. 196-203.","DOI":"10.1109\/ARES.2010.27"},{"key":"key2020122802182365700_b27","unstructured":"Thorvaldsen, L.\n (2012), \u201cMajoriteten av Norge tror at det vet hva som er et godt passord\u201d, available at: dagbladet.no\/2012\/12\/05\/nyheter\/innenriks\/datasikkerhet\/passord\/24685246\/ (accessed 20 January 2013)."},{"key":"key2020122802182365700_b28","unstructured":"YouGov Corporation Web Site\n (2013), www.yougov.no\/ (accessed 14 January 2013)."}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/IMCS-10-2013-0079","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-10-2013-0079\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-10-2013-0079\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T21:50:49Z","timestamp":1753393849000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/22\/4\/346-357\/176024"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,10,7]]},"references-count":28,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2014,10,7]]}},"alternative-id":["10.1108\/IMCS-10-2013-0079"],"URL":"https:\/\/doi.org\/10.1108\/imcs-10-2013-0079","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2014,10,7]]}}}