Hybrid password meters for more secure passwords - a comprehensive study of password meters including nudges and password information

Supporting secure and memorable password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter i.e. providing feedback on the user's password strength as and when they create it. However, findings in terms of the password meter's effectiveness are ambiguous. An extensive literature review led us to the assumption that besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger passwords, and (b) additional password guidance.
A between-subjects study was carried out with 645 people to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a \emph{hybrid password meter}, was most efficacious on all three counts, than any other intervention on its own. Yet, the type of feedback nudge targeting either the person, the password creation, or the social context, did not significantly impact password strength. Future work should focus on the short- and long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.