Enriched nudges lead to stronger password replacements … but implement mindfully

Karen Renaud, Verena Zimmermann

Research output: Contribution to conference › Paper › peer-review

5 Citations (Scopus)

Abstract

People usually respond to enforced changes caused by password expiry by making each successive password weaker. This is because the effort involved in memorising a password cannot be amortised over a period of time. To ensure retention they use a password they know they will not forget. This paper explores the password-changing behaviour of the participants exposed to an enriched nudge intervention. The enriched nudge combined a traditional nudge (manipulation of the “choice architecture” (user interface)) with a carrot (utility offered by a variable password expiry period, depending on the strength of the password) and a prod (frequent reminders). A longitudinal study discovered that, contrary to expectations and usual practice, participants chose stronger passwords when they replaced them. This finding suggests that changing passwords is more cognitively demanding and effortful than the memorising of a single strong password. Moreover, allowing people to engage in the latter to avoid the former has the effect of improving password strength overall. The paper concludes with an admonition for implementers to be aware of the burden imposed on users by password aging, and urging them to apply it only when the risk justifies imposing this burden.
Original language: English
Number of pages: 9
Publication status: Published - 16 Aug 2017
Event: Information Security South Africa - Johannesburg, South Africa
Duration: 16 Aug 2017 → 17 Aug 2017
https://ieeexplore.ieee.org/xpl/conhome/8240063/proceeding

Conference

Conference: Information Security South Africa
Abbreviated title: ISSA
Country/Territory: South Africa
City: Johannesburg
Period: 16/08/17 → 17/08/17

Keywords

  • aging
  • computer hacking
  • user interfaces
  • authentication
  • electronic mail
  • password expiry
  • password-changing behaviour
  • nudging
  • authorisation
  • stronger password replacements
