Abstract
Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations i.e. "nudges", have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords.We carried out three longitudinal studies to analyse the efficacy of a range of "nudges" by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing "nudges". Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference.
Original language | English |
---|---|
Pages (from-to) | 228-258 |
Number of pages | 31 |
Journal | Behavioural Public Policy |
Volume | 3 |
Issue number | 2 |
Early online date | 13 Feb 2018 |
DOIs | |
Publication status | Published - 1 Nov 2019 |
Keywords
- cybersecurity
- password choices
- password hints