Hybrid password meters for more secure passwords - a comprehensive study of password meters including nudges and password information

Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectivenes...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Behaviour & Information Technology Ročník 42; číslo 6; s. 700 - 743
Hlavní autori: Zimmermann, Verena, Marky, Karola, Renaud, Karen
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: London Taylor & Francis 26.04.2023
Informa UK Limited
Taylor & Francis Ltd
Predmet:
Authentication
Between-subjects design
Electronic computers. Computer science
Feedback
Heuristic
Intervention
Literature reviews
Long term
Meter
Norms
nudge
password creation
password meter
Passwords
QA75
Social environment
user-centred design
ISSN:0144-929X, 1362-3001
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectiveness are varied. An extensive literature review revealed that, besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger passwords choices and (b) additional guidance. A between-subjects study was carried out with 645 participants to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This study explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a hybrid password meter, was generally more efficacious than either intervention on its own, on all three metrics. Yet, the type of feedback nudge targeting either the person, the password creation task, or the social context, did not seem to matter much. The meters were nearly equally efficacious. Future work should explore the long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.
Bibliografia:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0144-929X
1362-3001
DOI:10.1080/0144929X.2022.2042384