Using Nudges to Improve Password Strength

14.11.2018, 15:00 – 16:00


Speaker: Verena Zimmermann, TU Darmstadt | Abertay University, Dundee, Scotland, Kydd Building, Room 2522

Organizer: Prof. Joachim Vogt


The password is still the most commonly used authentication scheme. Still, encouraging people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choices. A variety of choice architecture interventions (i.e. 'nudges') have been trialled by researchers with a view to strengthening the overall password profile. Many have produced negative or ambiguous results; only a few have made a difference so far. Therefore, we carried out three longitudinal studies to analyse the efficacy of a range of nudges by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several visual framing nudges. Password strength did not budge. After reflecting on the first two studies, the third study tested a 'hybrid nudge' that directly linked password strength to expiration dates. This manipulation delivered a positive result: significantly longer and stronger passwords. Possible reasons for this effect and implications for future research are discussed.

Short bio

Professor in Cyber Security Karen Renaud has recently welcomed a visiting scholar from Germany to Abertay. Verena Zimmermann is a doctoral researcher from the 'Work and Engineering Psychology' group at Technische Universität Darmstadt and will be spending two months at the University, working with Karen on exploring Human Factors in Cybersecurity. Within Darmstadt’s Center for Research in Security and Privacy (CRISP), Verena will work with Karen, as an expert in the field, on addressing user needs in cybersecurity and deploying behavioural science methods to help users behave more securely.