A survey on computer password practices among medical undergraduate students at Faculty of Medicine, National University of Malaysia

Abstract

Background: Without any doubt, the combo of user ID and password are the most used authentication method in the computing and internet environment. However, due to the enormous number of accounts that require password authentication, users tend to develop bad habits in their password practices which in turn will put their account security at risk. With the increasing use of computing in health-care settings and the use of EMR in hospitals, such practices are a cause for concern. Methods: This is a cross-sectional study using self-administered questionnaires, investigating the practice of the respondents in keeping their passwords secure. Respondents in this survey are the undergraduate students of Faculty of Medicine, Universiti Kebangsaan Malaysia. Results: Among the findings are that 87.4% of the respondents used the same password for more than one account. If a user used the same password for several accounts, it might trigger a domino effect if any of the account passwords were compromised. A total of 98.9% of the respondents memorised their password only in their mind, without writing down the password anywhere. This may lead to using easily guessable passwords which may introduce additional security risk to their accounts. The majority of the respondents (96.6%) never or rarely change their passwords. The study also showed that 82.7% of the respondents used passwords which are 6-8 characters in length. Longer passwords are usually safer but harder to remember. The questionnaire also explored the users’ password combination style, whether they used numbers only or combination of numbers and alphabets or some other pattern. A total of 39.1% used letters only but 27.6% used combination of numbers only which is less secure. About 77% of the respondents used personal information such as their birthday date or a person’s name as part of their password. Conclusions: This habit may make their password guessable to people who are close to them. In conclusion, most medical students are not practising safe password conduct and they should be educated on this. If not, patients’ data confidentiality may be compromised in the future due to such practices.