The psychology of password management: A tradeoff between security and convenience

Despite technological advances, humans remain the weakest link in internet security.  In this paper, we examined user motivation behind five password management behaviors, e.g. selecting a password for the first time. We found that despite the fact that users know what constitutes a good/bad password and know which common password management practices, e.g., taping a password to a computer, are inappropriate, users engage in these behaviors because they do not see any immediate negative consequences to themselves (negative externalities) and because of the security-convenience tradeoff. We found that this tradeoff can be positively influenced by imposing a time frame factor.