Using Context-Based Password Strength Meter to Nudge Users' Password Generating Behavior: A Randomized Experiment

Date
2017-01-04
Authors
Khern-am-nuai, Warut
Yang, Weining
Li, Ninghui
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Encouraging users to create stronger passwords is one of the key issues in password-based authentication. It is particularly important as prior works have highlighted that most passwords are weak. Yet, passwords are still the most commonly used authentication method. This paper seeks to mitigate the issue of weak passwords by proposing a context-based password strength meter. We conduct a randomized experiment on Amazon MTurk and observe the change in users’ behavior. The results show that our proposed method is significantly effective. Users exposed to our password strength meter are more likely to change their passwords after seeing the warning message, and those new passwords are stronger. Furthermore, users are willing to invest their time to learn about creating a stronger password, even in a traditional password strength meter setting. Our findings suggest that simply incorporating contextual information to password strength meters could be an effective method in promoting more secure behaviors among end users.
Description
Keywords
Password, Password Strength Meter, Randomized Experiment, Information Security, Human Computer Interaction
Citation
Rights
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.