Coding behavior of authentication code on the internet

•Use of authentication codes may be the troublesome part of information management.•Using accounts and passwords is an indispensable part of coding management.•Online users usually create self-constructed rules to manage authentication code.•Educate online users to build a healthy attitude toward using accounts and passwords.•Major suspects of authentication code usurpation lie among closest friends and relatives.

With the rapid growth of Internet services, virtual world has witnessed an increasingly large number of online users who have a variety of needs such as accessing various websites to gather information, easing business transactions, and sharing updates. As a result, information security has become a major concern among online users, and the verification of access codes is now the main practice used to keep information systems safe. However, some issues arise as the result of coding and managing behavior, and this research seeks to address these issues. After following the Focus Group method and interviewing 13 college students, this research finds that forgetting the access code is one of the biggest challenges to most online users simply because of the longer duration and the time when the users have a need to access the websites again, their memory will eclipse. In addition, online users usually develop self-constructed rules to cope with elusive code. These rules include: creating some sets of code that may not be meaningful to outsiders; taking different degrees of complex measures to register authentication codes, dependent upon the importance of the websites to the online users; writing the authentication codes on a scratchpad and sticking it on the computer screen; and keeping the codes in a notebook or computer file. The above practices nevertheless run the risk of being usurped by hackers, and it is found that hacking frequently takes place among closest friends, as they are quite familiar with the coding behavior of the victims. While assisting coding management does not help in this regard, as it is generally too expensive, online users troubled by the forgetting of access codes often end up with re-applying for a new set of authentication codes after unsuccessfully trying to login. All these self-constructed rules, nevertheless, constitute threat to information security. The research, in conclusion, calls for an education campaign to promote healthy coding behavior and effective coding management. The obtained findings provide valuable references for both academicians and practitioners to understand the online users’ coding behaviors and to effectively manage them accordingly to improve the resulting information security.