Hybrid password meters for more secure passwords - a comprehensive study of password meters including nudges and password information

Zimmermann, Verena and Marky, Karola and Renaud, Karen (2022) Hybrid password meters for more secure passwords - a comprehensive study of password meters including nudges and password information. Behaviour & Information Technology, 42 (6). pp. 700-743. ISSN 1362-3001 (https://doi.org/10.1080/0144929X.2022.2042384)

Preview

Text. Filename: Zimmermann_etal_BIT_2022_Hybrid_password_meters_for_more_secure_passwords_a_comprehensive_study_of_password_meters.pdf Accepted Author Manuscript Download (3MB)| Preview

Abstract

Supporting secure and memorable password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter i.e. providing feedback on the user's password strength as and when they create it. However, findings in terms of the password meter's effectiveness are ambiguous. An extensive literature review led us to the assumption that besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger passwords, and (b) additional password guidance. A between-subjects study was carried out with 645 people to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a \emph{hybrid password meter}, was most efficacious on all three counts, than any other intervention on its own. Yet, the type of feedback nudge targeting either the person, the password creation, or the social context, did not significantly impact password strength. Future work should focus on the short- and long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.

ORCID iDs

Renaud, Karen ORCID: https://orcid.org/0000-0002-7187-6531

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Article
  ID code:	79599
  Dates:	Date Event 1 March 2022 Published 1 March 2022 Published Online 3 February 2022 Accepted
  Subjects:	Science > Mathematics > Electronic computers. Computer science
  Department:	Faculty of Science > Computer and Information Sciences
  Depositing user:	Pure Administrator
  Date deposited:	14 Feb 2022 15:55
  Last modified:	11 Nov 2024 13:23
  Related URLs:	Journal or Publication
  URI:	https://strathprints.strath.ac.uk/id/eprint/79599