 

Enriched Nudges Lead to Stronger Password Replacements ... but Implement Mindfully



Date

2017

Publication Type

Conference Paper

ETH Bibliography

no


Abstract

People usually respond to enforced changes caused by password expiry by making each successive password weaker. This is because the effort involved in memorising a password cannot be amortised over a period of time. To ensure retention they use a password they know they will not forget. This paper explores the password-changing behaviour of the participants exposed to an enriched nudge intervention. The enriched nudge combined a traditional nudge (manipulation of the “choice architecture” (user interface)) with a carrot (utility offered by a variable password expiry period, depending on the strength of the password) and a prod (frequent reminders). A longitudinal study discovered that, contrary to expectations and usual practice, participants chose stronger passwords when they replaced them. This finding suggests that changing passwords is more cognitively demanding and effortful than the memorising of a single strong password. Moreover, allowing people to engage in the latter to avoid the former has the effect of improving password strength overall. The paper concludes with an admonition for implementers to be aware of the burden imposed on users by password aging, and urging them to apply it only when the risk justifies imposing this burden.

Publication status

published

Book title

Proceedings of the 2017 Information Security for South Africa Conference (ISSA)

Pages / Article No.

1 - 9

Publisher

IEEE

Event

16th International Information Security for South Africa Conference (ISSA 2017)

Subject

password expiry; password-changing behaviour; nudging; authentication

Organisational unit

09775 - Zimmermann, Verena / Zimmermann, Verena
02045 - Dep. Geistes-, Sozial- u. Staatswiss. / Dep. of Humanities, Social and Pol.Sc.
