Nudging folks towards stronger password choices: providing certainty is the key

Karen Renaud*, Vera Zimmerman

*Corresponding author for this work

Research output: Contribution to journalArticle

136 Downloads (Pure)

Abstract

Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations i.e. “nudges”, have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords.

We carried out three longitudinal studies to analyse the efficacy of a range of “nudges” by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing “nudges”. Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference.
Original languageEnglish
Pages (from-to)228-258
Number of pages31
JournalBehavioural Public Policy
Volume3
Issue number2
Early online date13 Feb 2018
DOIs
Publication statusPublished - 1 Nov 2019

Fingerprint

Longitudinal Studies
Research Personnel

Cite this

@article{9302693f00e7461f88c8c494e5c24fbb,
title = "Nudging folks towards stronger password choices: providing certainty is the key",
abstract = "Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations i.e. “nudges”, have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords.We carried out three longitudinal studies to analyse the efficacy of a range of “nudges” by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing “nudges”. Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference.",
author = "Karen Renaud and Vera Zimmerman",
year = "2019",
month = "11",
day = "1",
doi = "10.1017/bpp.2018.3",
language = "English",
volume = "3",
pages = "228--258",
journal = "Behavioural Public Policy",
issn = "2398-063X",
publisher = "Cambridge University Press",
number = "2",

}

Nudging folks towards stronger password choices : providing certainty is the key. / Renaud, Karen; Zimmerman, Vera.

In: Behavioural Public Policy, Vol. 3, No. 2, 01.11.2019, p. 228-258.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Nudging folks towards stronger password choices

T2 - providing certainty is the key

AU - Renaud, Karen

AU - Zimmerman, Vera

PY - 2019/11/1

Y1 - 2019/11/1

N2 - Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations i.e. “nudges”, have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords.We carried out three longitudinal studies to analyse the efficacy of a range of “nudges” by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing “nudges”. Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference.

AB - Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations i.e. “nudges”, have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords.We carried out three longitudinal studies to analyse the efficacy of a range of “nudges” by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing “nudges”. Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference.

U2 - 10.1017/bpp.2018.3

DO - 10.1017/bpp.2018.3

M3 - Article

VL - 3

SP - 228

EP - 258

JO - Behavioural Public Policy

JF - Behavioural Public Policy

SN - 2398-063X

IS - 2

ER -