Examining the Role of Organizational Password Security Policies in Individual Password Security Behaviors

Organizations typically construct computer access password policies that request or require employees to create “strong” passwords. Challenges arise for these employees in attempting to conform to a long list of difficult and potentially conflicting criteria. This dissertation research-in-progress uses concepts from Behavioral Reasoning Theory, General Deterrence Theory, and other theories to examine the conflicting nature of such policies and their impact on password security behaviors. Results are expected to show that traditional countermeasures, while useful in preventing some IS misuse, are not as effective in preventing password misuse, in part because alternative reasons exist that motivate individuals to engage in insecure behaviors. Contributions to academic research and implications for practitioners are discussed.