Simple nudges for better password creation

James Nicholson; Vasilis Vlachokyriakos; Lynne Coventry; Pam Briggs; Patrick Olivier

doi:10.14236/ewic/HCI2018.46

Simple nudges for better password creation

James Nicholson, Vasilis Vlachokyriakos, Lynne Coventry, Pam Briggs, Patrick Olivier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

30 Downloads (Pure)

Abstract

Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommend an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords.

Original language	English
Title of host publication	Proceedings of the 32nd International BCS Human Computer Interaction Conference
Editors	Raymond Bond, Maurice Mulvenna, Jonathan Wallace, Michaela Black
Place of Publication	Swindon
Publisher	BCS Learning & Development Ltd.
Number of pages	12
DOIs	https://doi.org/10.14236/ewic/HCI2018.46
Publication status	Published - 4 Jul 2018
Externally published	Yes
Event	32nd International Human Computer Interaction Conference - Church House, Belfast, United Kingdom Duration: 4 Jul 2018 → 6 Jul 2018 Conference number: 32 http://hci2018.bcs.org/

Publication series

Name	Electronic Workshops in Computing
Publisher	BCS Learning & Development
ISSN (Electronic)	1477-9358

Conference

Conference	32nd International Human Computer Interaction Conference
Abbreviated title	HCI 2018
Country/Territory	United Kingdom
City	Belfast
Period	4/07/18 → 6/07/18
Internet address	http://hci2018.bcs.org/

Keywords

Passwords
User authentication
Nudges

Access to Document

10.14236/ewic/HCI2018.46Licence: CC BY

Coventry_SimpleNudgesForBetterPasswordCreation_Published_2018Final published version, 450 KBLicence: CC BY

Cite this

Nicholson, J., Vlachokyriakos, V., Coventry, L., Briggs, P., & Olivier, P. (2018). Simple nudges for better password creation. In R. Bond, M. Mulvenna, J. Wallace, & M. Black (Eds.), Proceedings of the 32nd International BCS Human Computer Interaction Conference (Electronic Workshops in Computing). BCS Learning & Development Ltd.. https://doi.org/10.14236/ewic/HCI2018.46

@inproceedings{6903e401dba746e081e1196e711b4ba4,

title = "Simple nudges for better password creation",

abstract = "Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommend an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords.",

author = "James Nicholson and Vasilis Vlachokyriakos and Lynne Coventry and Pam Briggs and Patrick Olivier",

note = "Copyright statement: {\textcopyright} Nicholson et al. Published by BCS Learning and Development Ltd. Proceedings of British HCI 2018. Belfast, UK. License: This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/; 32nd International Human Computer Interaction Conference, HCI 2018 ; Conference date: 04-07-2018 Through 06-07-2018",

year = "2018",

month = jul,

day = "4",

doi = "10.14236/ewic/HCI2018.46",

language = "English",

series = "Electronic Workshops in Computing",

publisher = "BCS Learning \& Development Ltd.",

editor = "Raymond Bond and Maurice Mulvenna and Jonathan Wallace and Michaela Black",

booktitle = "Proceedings of the 32nd International BCS Human Computer Interaction Conference",

url = "http://hci2018.bcs.org/",

}

Nicholson, J, Vlachokyriakos, V, Coventry, L, Briggs, P & Olivier, P 2018, Simple nudges for better password creation. in R Bond, M Mulvenna, J Wallace & M Black (eds), Proceedings of the 32nd International BCS Human Computer Interaction Conference. Electronic Workshops in Computing, BCS Learning & Development Ltd., Swindon, 32nd International Human Computer Interaction Conference, Belfast, United Kingdom, 4/07/18. https://doi.org/10.14236/ewic/HCI2018.46

Simple nudges for better password creation. / Nicholson, James; Vlachokyriakos, Vasilis; Coventry, Lynne et al.
Proceedings of the 32nd International BCS Human Computer Interaction Conference. ed. / Raymond Bond; Maurice Mulvenna; Jonathan Wallace; Michaela Black. Swindon: BCS Learning & Development Ltd., 2018. (Electronic Workshops in Computing).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Simple nudges for better password creation

AU - Nicholson, James

AU - Vlachokyriakos, Vasilis

AU - Coventry, Lynne

AU - Briggs, Pam

AU - Olivier, Patrick

N1 - Conference code: 32

PY - 2018/7/4

Y1 - 2018/7/4

N2 - Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommend an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords.

AB - Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommend an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords.

U2 - 10.14236/ewic/HCI2018.46

DO - 10.14236/ewic/HCI2018.46

M3 - Conference contribution

AN - SCOPUS:85058331046

T3 - Electronic Workshops in Computing

BT - Proceedings of the 32nd International BCS Human Computer Interaction Conference

A2 - Bond, Raymond

A2 - Mulvenna, Maurice

A2 - Wallace, Jonathan

A2 - Black, Michaela

PB - BCS Learning & Development Ltd.

CY - Swindon

T2 - 32nd International Human Computer Interaction Conference

Y2 - 4 July 2018 through 6 July 2018

ER -

Nicholson J, Vlachokyriakos V, Coventry L, Briggs P, Olivier P. Simple nudges for better password creation. In Bond R, Mulvenna M, Wallace J, Black M, editors, Proceedings of the 32nd International BCS Human Computer Interaction Conference. Swindon: BCS Learning & Development Ltd. 2018. (Electronic Workshops in Computing). Epub 2018 Jul 4. doi: 10.14236/ewic/HCI2018.46

Simple nudges for better password creation

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this