Augmenting Password Strength Meter Design using the Elaboration Likelihood Model: Evidence from Randomized Experiments

Authors: Warut Khern-am-nuai, M.J. Hashim, Alain Pinsonneault, W. Yang and N. Li

Publication: Information Systems Research, Forthcoming

Abstract:

Password-based authentication is the most commonly used method for gaining access to secured systems. Unfortunately, empirical evidence highlights the fact that most passwords are significantly weak and encouraging users to create stronger passwords is a significant challenge. In this research, we propose a theoretically augmented password strength meter design that is guided by the Elaboration Likelihood Model of persuasion (ELM). We evaluate our design by leveraging three independent and complementary methods: a survey-based experiment using students to evaluate the saliency of our conceptual design (proof-of-concept), a controlled laboratory experiment conducted on Amazon MTurk to test the effectiveness of the proposed design (proof-of-value), and a randomized field experiment conducted in collaboration with an online forum in Asia to establish proof-of-use. In each study, we observe the changes in users’ behavior in response to our proposed password strength meter. We find that the ELM augmented password strength meter is significantly effective at addressing the challenges of password-based authentication. Users exposed to this strength meter are more likely to change their password, leading to a new password that is significantly stronger. Our findings suggest that the proposed design of augmented password strength meters is an effective method for promoting secure password behavior among end users.

Desautels 22

In recognition of research excellence as it relates to publications in top-tier management journals, our Faculty has compiled a list of high quality, peer-reviewed management journals, which is referred to as the Desautels 22.