Enriched Nudges Lead to Stronger Password Replacements ... but Implement Mindfully
Metadata only
Date
2017Type
- Conference Paper
ETH Bibliography
no
Altmetrics
Abstract
People usually respond to enforced changes caused by password expiry by making each successive password weaker. This is because the effort involved in memorising a password cannot be amortised over a period of time. To ensure retention they use a password they know they will not forget. This paper explores the password-changing behaviour of the participants exposed to an enriched nudge intervention. The enriched nudge combined a traditional nudge (manipulation of the “choice architecture” (user interface)) with a carrot (utility offered by a variable password expiry period, depending on the strength of the password) and a prod (frequent reminders). A longitudinal study discovered that, contrary to expectations and usual practice, participants chose stronger passwords when they replaced them. This finding suggests that changing passwords is more cognitively demanding and effortful than the memorising of a single strong password. Moreover, allowing people to engage in the latter to avoid the former has the effect of improving password strength overall. The paper concludes with an admonition for implementers to be aware of the burden imposed on users by password aging, and urging them to apply it only when the risk justifies imposing this burden. Show more
Publication status
publishedExternal links
Book title
Proceedings of the 2017 Information Security for South Africa Conference (ISSA)Pages / Article No.
Publisher
IEEEEvent
Subject
password expiry; password-changing behaviour; nudging; authenticationOrganisational unit
02045 - Dep. Geistes-, Sozial- u. Staatswiss. / Dep. of Humanities, Social and Pol.Sc.09775 - Zimmermann, Verena / Zimmermann, Verena
More
Show all metadata
ETH Bibliography
no
Altmetrics