Persuasion for Stronger Passwords: Motivation and Pilot Study

Text passwords are the ubiquitous method of authentication, used by most people for most online services. Many people choose weak passwords that are vulnerable to attackers who simply guess all the passwords within the most probable password spaces. This paper describes a lightweight password creation mechanism that uses Persuasive Technology to influence users to create stronger passwords. Results from a pilot study show that our Persuasive Text Passwords (PTP) prototype system successfully influenced users to create and remember more secure passwords.
