Hybrid password meters for more secure passwords – a comprehensive study of password meters including nudges and password information

Verena Zimmermann*, Karola Marky, Karen Renaud

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectiveness are varied. An extensive literature review revealed that, besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger passwords choices and (b) additional guidance. A between-subjects study was carried out with 645 participants to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This study explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a hybrid password meter, was generally more efficacious than either intervention on its own, on all three metrics. Yet, the type of feedback nudge targeting either the person, the password creation task, or the social context, did not seem to matter much. The meters were nearly equally efficacious. Future work should explore the long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.
Original languageEnglish
Number of pages44
JournalBehaviour and Information Technology
Early online date1 Mar 2022
DOIs
Publication statusE-pub ahead of print - 1 Mar 2022

Keywords

  • Authentication
  • Password meter
  • Nudge
  • Password creation
  • User-centred design

Fingerprint

Dive into the research topics of 'Hybrid password meters for more secure passwords – a comprehensive study of password meters including nudges and password information'. Together they form a unique fingerprint.

Cite this