Ophoff DeterminingKeyFactors Accepted 2019
Ophoff DeterminingKeyFactors Accepted 2019
Ophoff DeterminingKeyFactors Accepted 2019
Abstract— Passwords form part of our daily routine and field. Next, the theoretical framework is discussed, this
even though there are alternative authentication mechanisms, includes the hypotheses and conceptual model. The
such as biometrics, passwords stubbornly persist. Passwords following chapter will address the research methodology that
have been around for the last few decades, but also the various was used. This is followed by a section on data analysis and
problems associated with users trying to create passwords that a discussion of the results. Lastly, the conclusion summarises
are strong and secure. Users are faced with a cognitive burden the research contributions.
in managing passwords which often leads to poor password
practices or users recycling passwords across various accounts.
While there is no anticipated end to the use of passwords, II. BACKGROUND
scholars have identified that passwords need to be better In the following subsections, some context around
supported – one such method is using a password manager. passwords, password problems and an outline of password
There is a wealth of technical research relating to password managers is presented.
managers, which has led to drastic improvements and the
maturing of the technology. However, there is a little research
on why people would choose to adopt password managers. To A. Password paradigm
explore these factors, this research uses an adapted version of Passwords are an integral part of every person’s life; they are
the Unified Theory of Acceptance and Use of Technology used daily to access a plethora of online services, systems,
(UTAUT2) that includes trust as an additional construct. Using devices and computers. As these services have exponentially
empirical data, the results of the study show that performance expanded over the last few decades, the number of login
expectancy, habit, and trust are key factors in the intention to
credentials and passwords that users need to recall has
adopt a password manager.
drastically increased. Although the death of passwords has
Keywords—technology adoption, password manager, been predicted by various key figures, security managers and
information security, trust, UTAUT2, PLS-SEM. corporate companies over the last two decades [1]–[4],
passwords persist and will most likely remain for quite some
I. INTRODUCTION time. The persistence of passwords has been acknowledged
and irrespective of the ongoing attempt to replace passwords
Passwords are used daily by almost every person to with a worldwide longing to have them replaced, they
access a multitude of accounts, systems and websites. remain part of our daily lives [5]. It has been argued that no
Initially, people only had a few passwords to remember, but single solution or “silver bullet” would be the answer to the
with the growth of technology, the sheer volume of accounts
problem, but rather that, a “best-fit” solution would need to
with corresponding passwords has increased to the point
where keeping track of each password is a burden. With be adopted and as passwords would endure for the
cyber-crime on the rise, the requirements for creating a foreseeable future [5]. A recent report from Cybersecurity
secure password for each system further complicates the Ventures envisions that the “total universe of passwords will
problem, especially as people are reusing or recycling likely grow from approximately 90 billion today to 300
passwords. billion by 2020” [6, p. 2]. With an understanding of the
password epitome, the next section will address password
While there have been attempts to replace passwords and security.
alternative authentication methods, passwords stubbornly
persist. While there is no single solution to the problem, one B. Password security
recommendation is to better support the use of passwords. Research into password security related problems dates
One such method is using password managers, while they back to 1979 [7]; this has allowed scholars to contribute a
have been around for quite some time and are recommended wealth of research in the field over the last few decades.
by security experts, there still seems to be little uptake to Researchers conducted a systematic literature review that
using a password manager. While there is research into the found there has not been a paradigm change in password
various types of password managers, proposals, security management for over thirty-five years [8]. The security of
concerns and recommendations, there is very little research passwords remains a significant problem with varying
on why some people adopt password managers. This paper requirements for creating secure passwords, such as
intends to determine the key factors; therefore this paper will password length, alphanumeric characters, special characters
not address any technical security concerns of the tools. and the use of passphrases.
The remainder of this paper is organised as follows. First, Research into the “characteristics of over 6 million
the problem behind passwords will be presented, this section passwords” specifically looked into “password length,
includes password security, defining password managers, password composition, and password selection” [9, p. 130].
outlining the various available types and related work in the