Password management among employees at IT companies

This is a Bachelor's thesis from Uppsala University/Department of Informatics and Media

Abstract: In 2019 over 60% of Swedish companies had their business processes digitalized, which means that they need to protect the digitalized data and information. A common way to protect digital information and data is to use authentication methods, one of which is passwords. For a password to be secure, users must use it in a secure manner. The IT industry is responsible for developing digital services and products and therefore has knowledge about information security and how to use passwords in a secure manner. Although employees in the IT industry should know how to handle passwords, it seems that they don't always use passwords in a secure manner. The research questions for this study are: How do employees in IT companies handle their passwords regarding how they create, remember, reuse and share their passwords? and What influences the way the employees handle their passwords? A qualitative case study was conducted, and semi-structured interviews were used for data collection. The data was analyzed in relation to how ISO-27002 defines the secure way to handle passwords, the CIA triangle, the protection motivation theory and previous research. The results of the case study show that the respondents had knowledge about secure password usage, but only partly used passwords in a secure manner. The results show contradictions between secure password usage and usability; between secure passwords and memory capacity; and between systems securing password use and passwords being the user's responsibility. As a result of these contradictions, the respondents sometimes deliberately chose to use passwords in an insecure manner.

