Human Factors Considerations for Passwords
Kenneth Allendoerfer, PhD.
Allendoerfer, K., & Pai, S. (2006). Human factors considerations for passwords and other user identification techniques part 2: Field study, results and analysis (DOT/FAA/TC-06/09). Atlantic City International Airport, NJ: Federal Aviation Administration William J. Hughes Technical Center.
Within the Federal Aviation Administration (FAA) Air Traffic Organization (ATO), Technical Operations (TO) personnel ensure that the systems that make up the National Airspace System (NAS) function safely and effectively. TO personnel manage and maintain more than 44,000 pieces of NAS equipment and systems at over 6,000 facilities and locations. They work at many types of facilities including the National Operations Control Center (NOCC), Operations Control Centers (OCCs), Air Route Traffic Control Centers (ARTCCs), Terminal Radar Approach Control (TRACON) facilities, Air Traffic Control Towers (ATCTs), and Automated Flight Service Stations (AFSSs). The FAA employs a variety of user-identification techniques including knowledge-based techniques, such as passwords, token-based techniques (such as badge readers) to ensure that facilities, equipment, and personnel are secure. In 2004, the Technical Operations Services organization became increasingly concerned about the number of usernames, passwords, and tokens that TO personnel were being expected to use. The NAS Human Factors Group conducted a field study to examine the human factors implications of user-identification techniques currently employed at field sites to prevent unauthorized access to NAS equipment and information technology systems. In this report, we present findings from the field study and provide recommendations that are specific to the TO users, tasks, and environment. These recommendations seek to improve the human factors of user-identification technologies and policies to improve the productivity, workload, and job satisfaction of TO employees.
Updated: May 04, 2012 11:21 AM