Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/41220

Using Context-Based Password Strength Meter to Nudge Users' Password Generating Behavior: A Randomized Experiment

File SizeFormat 
paper0071.pdf814.04 kBAdobe PDFView/Open

Item Summary

Title: Using Context-Based Password Strength Meter to Nudge Users' Password Generating Behavior: A Randomized Experiment
Authors: Khern-am-nuai, Warut
Yang, Weining
Li, Ninghui
Keywords: Password
Password Strength Meter
Randomized Experiment
Information Security
Human Computer Interaction
Issue Date: 04 Jan 2017
Abstract: Encouraging users to create stronger passwords is one of the key issues in password-based authentication. It is particularly important as prior works have highlighted that most passwords are weak. Yet, passwords are still the most commonly used authentication method. This paper seeks to mitigate the issue of weak passwords by proposing a context-based password strength meter. We conduct a randomized experiment on Amazon MTurk and observe the change in users’ behavior. The results show that our proposed method is significantly effective. Users exposed to our password strength meter are more likely to change their passwords after seeing the warning message, and those new passwords are stronger. Furthermore, users are willing to invest their time to learn about creating a stronger password, even in a traditional password strength meter setting. Our findings suggest that simply incorporating contextual information to password strength meters could be an effective method in promoting more secure behaviors among end users.
Pages/Duration: 10 pages
URI/DOI: http://hdl.handle.net/10125/41220
ISBN: 978-0-9981331-0-2
DOI: 10.24251/HICSS.2017.071
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections:Human-Computer Interaction: Informing Design Utilizing Behavioral, Neurophysiological, and Design Science Methods Minitrack



Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.