Lessons Learned from Evaluating Eight Password Nudges in the Wild
Abstract
Background. The tension between security and convenience, when creating passwords, is well established. It is a tension that often leads users to create poor passwords. For security designers, three mitigation strategies exist: issuing passwords, mandating minimum strength levels or encouraging better passwords. The first strategy prompts recording, the second reuse, but the third merits further investigation. It seemed promising to explore whether users could be subtly nudged towards stronger passwords.

Aim. The aim of the study was to investigate the influence of visual nudges on self-chosen password length and/or strength.

Method. A university application, enabling students to check course dates and review grades, was used to support two consecutive empirical studies over the course of two academic years. In total, 497 and 776 participants, respectively, were randomly assigned either to a control or an experimental group. Whereas the control group received no intervention, the experimental groups were presented with different visual nudges on the registration page of the web application whenever passwords were created. The experimental groups' password strengths and lengths were then compared to those of the control group.

Results. No impact of the visual nudges could be detected, either in terms of password strength or length. The ordinal score metric used to calculate password strength led to a decrease in variance and test power, so that the inability to detect an effect size does not definitively indicate that such an effect does not exist.

Conclusion. We cannot conclude that the nudges had no effect on password strength. It might well be that an actual effect was not detected due to the experimental design choices. Another possible explanation for our result is that password choice is influenced by the user's task, cognitive budget, goals and pre-existing routines. A simple visual nudge might not have the power to overcome these forces. Our lessons learned therefore recommend the use of a richer password strength quantification measure, and the acknowledgement of the user's context, in future studies.