Simple nudges for better password creation

James Nicholson, Vasilis Vlachokyriakos, Lynne Coventry, Pam Briggs, Patrick Olivier

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

Abstract

Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommend an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords.

Original languageEnglish
Title of host publicationProceedings of the 32nd International BCS Human Computer Interaction Conference (HCI 2018)
Subtitle of host publicationBelfast, UK, 4 - 6 July 2018
EditorsRaymond Bond, Maurice Mulvenna, Jonathan Wallace, Michaela Black
Place of PublicationUK
PublisherBCS Learning and Development Limited
Number of pages12
ISBN (Electronic)1477-9358
DOIs
Publication statusPublished - 2018
Externally publishedYes
EventBritish Computer Society Conference on Human-Computer Interaction 2018 - Belfast, United Kingdom
Duration: 4 Jul 20186 Jul 2018
Conference number: 32nd
http://2018.hci.international/

Conference

ConferenceBritish Computer Society Conference on Human-Computer Interaction 2018
Abbreviated titleHCI 2018
CountryUnited Kingdom
CityBelfast
Period4/07/186/07/18
Internet address

Keywords

  • Nudges
  • Passwords
  • User Authentication

Cite this

Nicholson, J., Vlachokyriakos, V., Coventry, L., Briggs, P., & Olivier, P. (2018). Simple nudges for better password creation. In R. Bond, M. Mulvenna, J. Wallace, & M. Black (Eds.), Proceedings of the 32nd International BCS Human Computer Interaction Conference (HCI 2018): Belfast, UK, 4 - 6 July 2018 BCS Learning and Development Limited. https://doi.org/10.14236/ewic/HCI2018.46