Complex passwords: How far is too far? The role of cognitive load on employee productivity

The proliferation of information systems (IS) over the past decade has increased the demand for system authentication. While the majority of system authentications are password-based, it is well documented that passwords have significant limitations. To address this issue, companies and system developers have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger. In addition to meeting a certain complexity threshold, the password must also be changed on a regular basis. In corporate environments, such increased demand can make a significant impact on employees’ productivity. As the cognitive load increases on the employees using complex passwords and changing them, they may have difficulty recalling their passwords. This may hinder employees’ productivity as they spend more time contacting the Help Desk to reset their passwords. As such, the focus of our study is to determine the effects of raising the cognitive load of the authentication strength for users upon accessing a system. In this work-in-progress study, we seek to provide a blueprint for a research study that will uncover the point at which raising the authentication strength for passwords becomes counterproductive. A quasi-experiment is proposed including detailed experimental procedure and data analyses. The paper ends with conclusions and implications.