Nudging folks towards stronger password choices: providing certainty is the key

Karen Renaud, Vera Zimmerman

Research output: Contribution to journalArticlepeer-review

28 Citations (Scopus)
26 Downloads (Pure)

Abstract

Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations i.e. "nudges", have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords.We carried out three longitudinal studies to analyse the efficacy of a range of "nudges" by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing "nudges". Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference.
Original languageEnglish
Pages (from-to)228-258
Number of pages31
JournalBehavioural Public Policy
Volume3
Issue number2
Early online date13 Feb 2018
DOIs
Publication statusPublished - 1 Nov 2019

Keywords

  • cybersecurity
  • password choices
  • password hints

Fingerprint

Dive into the research topics of 'Nudging folks towards stronger password choices: providing certainty is the key'. Together they form a unique fingerprint.

Cite this