Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments
Name:
Paper with Appendix.pdf
Size:
1.122Mb
Format:
PDF
Description:
Final Accepted Manuscript
Affiliation
Eller College of Management, University of ArizonaIssue Date
2022
Metadata
Show full item recordPublisher
INFORMSCitation
Khern-am-nuai, W., Hashim, M. J., Pinsonneault, A., Yang, W., & Li, N. (2022). Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments. Information Systems Research.Journal
Information Systems ResearchRights
© 2022 INFORMS.Collection Information
This item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at repository@u.library.arizona.edu.Abstract
Password-based authentication is the most commonly used method for gaining access to secured systems. Unfortunately, empirical evidence highlights the fact that most passwords are significantly weak, and encouraging users to create stronger passwords is a significant challenge. In this research, we propose a theoretically augmented password strength meter design that is guided by the elaboration likelihood model of persuasion (ELM). We evaluate our design by leveraging three independent and complementary methods: a survey-based experiment using students to evaluate the saliency of our conceptual design (proof of concept), a controlled laboratory experiment conducted on Amazon Mechanical Turk to test the effectiveness of the proposed design (proof of value), and a randomized field experiment conducted in collaboration with an online forum in Asia to establish proof of use. In each study, we observe the changes in users’ behavior in response to our proposed password strength meter. We find that the ELM-augmented password strength meter is significantly effective at addressing the challenges of password-based authentication. Users exposed to this strength meter are more likely to change their passwords, leading to a new password that is significantly stronger. Our findings suggest that the proposed design of augmented password strength meters is an effective method for promoting secure password behavior among end users.Note
12 month embargo; published online: 23 March 2022ISSN
1047-7047Version
Final accepted manuscriptae974a485f413a2113503eed53cd6c53
10.1287/isre.2022.1125