{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,4]],"date-time":"2022-04-04T01:33:45Z","timestamp":1649036025610},"reference-count":39,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,7]]},"abstract":"<jats:p>Applications often use behavior control mechanisms in order to ensure that individuals create sufficiently strong passwords. Behavior controls, which force individuals to utilize specific password characteristics, are assumed to be the best mechanism to encourage strong password creation. However, an over reliance on them could lead to counterproductive security behaviors. This study examines the efficacy of formal controls in the password creation process to determine if their use does indeed result in meaningfully stronger passwords than informal control techniques. Findings demonstrate that controls used during the password creation process do indeed shape password strength, but that behavior controls do not produce significantly stronger passwords than informal controls. Using an Agency Theory perspective, control techniques are considered in their ability to align principal-agent goal and risk perceptions. Findings illustrate the importance of using both informal and formal controls as a means of creating strong and effective passwords.<\/jats:p>","DOI":"10.4018\/jsse.2013070101","type":"journal-article","created":{"date-parts":[[2013,9,3]],"date-time":"2013-09-03T16:54:26Z","timestamp":1378227266000},"page":"1-17","source":"Crossref","is-referenced-by-count":0,"title":["Assessing the Value of Formal Control Mechanisms on Strong Password Selection"],"prefix":"10.4018","volume":"4","author":[{"given":"Jeff","family":"Crawford","sequence":"first","affiliation":[{"name":"School of Computing & Informatics, Lipscomb University, Nashville, TN, USA"}]}],"member":"2432","reference":[{"key":"jsse.2013070101-0","doi-asserted-by":"publisher","DOI":"10.1287\/isre.11.4.418.11876"},{"key":"jsse.2013070101-1","author":"P. M.Blau","year":"1977","journal-title":"Inequality and heterogeneity: A primitive theory of social structure"},{"key":"jsse.2013070101-2","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.8"},{"issue":"3","key":"jsse.2013070101-3","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness.","volume":"34","author":"B.Bulgurcu","year":"2010","journal-title":"Management Information Systems Quarterly"},{"key":"jsse.2013070101-4","doi-asserted-by":"publisher","DOI":"10.1287\/orsc.12.1.19.10119"},{"key":"jsse.2013070101-5","doi-asserted-by":"publisher","DOI":"10.1002\/smj.226"},{"key":"jsse.2013070101-6","doi-asserted-by":"publisher","DOI":"10.1287\/isre.14.3.291.16563"},{"key":"jsse.2013070101-7","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1070.0160"},{"issue":"1","key":"jsse.2013070101-8","doi-asserted-by":"crossref","first-page":"57","DOI":"10.5465\/amr.1989.4279003","article-title":"Agency theory: An assessment and review.","volume":"14","author":"K. M.Eisenhardt","year":"1989","journal-title":"Academy of Management Review"},{"key":"jsse.2013070101-9","doi-asserted-by":"publisher","DOI":"10.1007\/s10799-005-5880-5"},{"key":"jsse.2013070101-10","author":"M.Fishbein","year":"1975","journal-title":"Belief, attitude, intention and behavior: An introduction to theory and research"},{"key":"jsse.2013070101-11","doi-asserted-by":"crossref","unstructured":"Florencio, D., & Herley, C. (2007). A large scale study of web password habits. In Proceedings of the Sixteenth International World Wide Web Conference, Banff, Alberta, Canada.","DOI":"10.1145\/1242572.1242661"},{"key":"jsse.2013070101-12","unstructured":"Google. (2010). Protecting your Google Account. Retrieved from http:\/\/mail.google.com\/support\/bin\/answer.py?hl=en&answer=29407"},{"key":"jsse.2013070101-13","author":"J. F.Hair","year":"1998","journal-title":"Multivariate analysis"},{"key":"jsse.2013070101-14","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.6"},{"key":"jsse.2013070101-15","doi-asserted-by":"crossref","unstructured":"Herley, C. (2009). So long, and no thanks for the externalities: the rational rejection of security advice by users. In Proceedings of the 2009 Workshop on New Security Paradigms Workshop, Oxford, UK.","DOI":"10.1145\/1719030.1719050"},{"key":"jsse.2013070101-16","doi-asserted-by":"crossref","unstructured":"Herley, C., van Oorschot, P. C., & Patrick, A. S. (2009, February 23\u201326). Passwords: If we're so smart, why are we still using them? In Proceedigns of the Financial Cryptography and Data Security, Barbados.","DOI":"10.1007\/978-3-642-03549-4_14"},{"issue":"3","key":"jsse.2013070101-17","doi-asserted-by":"crossref","first-page":"525","DOI":"10.2307\/25148694","article-title":"A comprehensive conceptualization of post-adoptive behaviors associated with information technology enabled work systems.","volume":"29","author":"J.Jasperson","year":"2005","journal-title":"Management Information Systems Quarterly"},{"key":"jsse.2013070101-18","doi-asserted-by":"publisher","DOI":"10.1016\/0304-405X(76)90026-X"},{"issue":"3","key":"jsse.2013070101-19","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear appeals and information security behaviors: An empirical study.","volume":"34","author":"A. C.Johnston","year":"2010","journal-title":"Management Information Systems Quarterly"},{"key":"jsse.2013070101-20","doi-asserted-by":"publisher","DOI":"10.1287\/isre.8.3.215"},{"key":"jsse.2013070101-21","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1090.0238"},{"key":"jsse.2013070101-22","unstructured":"Microsoft. (2010). Password best practices. Retrieved from http:\/\/technet.microsoft.com\/en-us\/library\/cc784090%28WS.10%29.aspx"},{"key":"jsse.2013070101-23","unstructured":"Microsoft. (2011). Create strong passwords. Retrieved from http:\/\/www.microsoft.com\/security\/online-privacy\/passwords-create.aspx"},{"key":"jsse.2013070101-24","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.25.9.833"},{"key":"jsse.2013070101-25","doi-asserted-by":"publisher","DOI":"10.2307\/2392231"},{"key":"jsse.2013070101-26","doi-asserted-by":"publisher","DOI":"10.1037\/0021-9010.88.5.879"},{"key":"jsse.2013070101-27","doi-asserted-by":"publisher","DOI":"10.3758\/BF03195438"},{"key":"jsse.2013070101-28","doi-asserted-by":"publisher","DOI":"10.2307\/20159576"},{"key":"jsse.2013070101-29","unstructured":"Schechter, S., Herley, C., & Mitzenmacher, M. (2010). Popularity is everything: A new approach to protecting passwords from statistical-guessing attacks. In Proceedings of the USENIX Workshop on Hot Topics in Security, Boston, MA."},{"issue":"3","key":"jsse.2013070101-30","doi-asserted-by":"crossref","first-page":"473","DOI":"10.2307\/20650305","article-title":"Estimating the effect of common method variance: The method-method pair technique with an illustration from TAM research.","volume":"33","author":"R.Sharma","year":"2009","journal-title":"Management Information Systems Quarterly"},{"key":"jsse.2013070101-31","doi-asserted-by":"publisher","DOI":"10.1037\/0021-9010.92.6.1709"},{"key":"jsse.2013070101-32","doi-asserted-by":"publisher","DOI":"10.1007\/s10799-007-0014-x"},{"key":"jsse.2013070101-33","doi-asserted-by":"publisher","DOI":"10.2307\/4132314"},{"key":"jsse.2013070101-34","unstructured":"The Imperva Application Defense Center. (2010). Imperva white paper: Consumer password worst practices. Imperva."},{"issue":"4","key":"jsse.2013070101-35","doi-asserted-by":"crossref","first-page":"695","DOI":"10.2307\/25148660","article-title":"User acceptance of hedonic information systems.","volume":"28","author":"H.van der Heijden","year":"2004","journal-title":"Management Information Systems Quarterly"},{"issue":"3","key":"jsse.2013070101-36","doi-asserted-by":"crossref","first-page":"425","DOI":"10.2307\/30036540","article-title":"User acceptance of information technology: Toward a unified view.","volume":"27","author":"V.Venkatesh","year":"2003","journal-title":"Management Information Systems Quarterly"},{"key":"jsse.2013070101-37","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2007.03.007"},{"key":"jsse.2013070101-38","doi-asserted-by":"publisher","DOI":"10.4018\/joeuc.2004070103"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=83632","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,23]],"date-time":"2019-07-23T03:44:41Z","timestamp":1563853481000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jsse.2013070101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2013,7]]},"references-count":39,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/jsse.2013070101","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,7]]}}}