Search results

Cognitive passwords are typically realized using “one size fits all” fact‐based or opinion‐based questions, and as such are prone to guessing attacks. The purpose of this paper is to propose a method of personalizing cognitive passwords to individual users, to close this loophole, and evaluate its performance against rigid cognitive passwords.

A personalized questionnaire formulated by the subjects was benchmarked against a rigid questionnaire in terms of recall and security. The evaluation employed two constructs used extensively in previous research, namely, Recall – the success in remembering a password, and Secrecy – the likelihood that the password cannot be guessed.

While the experiment found that personalization increases the recall of cognitive passwords, it showed no improvement in secrecy (reducing guessing rates).

The study was conducted in an academic environment with young freshmen students thereby limiting external validity. Another problem might stem from the difference in the length of the questionnaires between groups in order to minimize drop‐out rates.

Secrecy was and still is the Achilles heel of the cognitive password mechanism and therefore the results imply that some restrictions should be imposed to prevent selection of over‐simplistic cognitive passwords.

This study is important because it is the first of its kind – benchmarking recall and secrecy of two types of cognitive authentication methods – rigid and personalized.

The aim of this study is to evaluate effectiveness of several end‐user training methods during the deployment of a new information system in an Israeli financial institution.

Four training methods, namely, frontal (lectures), simulator (e‐learning), mentor (personal guidance), and hybrid (mix of the three aforementioned methods) were all compared in terms of the number of referrals to an online helpdesk following training sessions.

A pair‐wise analysis to pinpoint the source of the differences between the various training methods indicates that all training methods are significantly different except for frontal and simulator and therefore an organization considering these two methods can select them indifferently. A combination of mentor and simulator was found to be significantly inferior to the frontal and simulator hybrid method.

The main limitation of the study is that evaluation was based on data associated with a specific organization, and thus external validity to other industries or countries is somewhat limited. Among other limitations are cross‐organizational differences in terms of: difficulty of calls, individual experience in the IS/IT area, and prior exposure to similar technologies.

Although this research does not recommend a specific training method, our findings suggest that deploying a new software system is a matter that requires early assessment by the organization and that the best results are obtained by employing the hybrid training approach.

The use of the number of referrals to an online helpdesk is a novel metric for measuring training effectiveness. The study also investigates the decline of the number of referrals over time.