Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments

Warut Khern-Am-nuai, Matthew J. Hashim, Alain Pinsonneault, Weining Yang, Ninghui Li

Research output: Contribution to journalArticlepeer-review

7 Scopus citations

Abstract

Password-based authentication is the most commonly used method for gaining access to secured systems. Unfortunately, empirical evidence highlights the fact that most passwords are significantly weak, and encouraging users to create stronger passwords is a significant challenge. In this research, we propose a theoretically augmented password strength meter design that is guided by the elaboration likelihood model of persuasion (ELM). We evaluate our design by leveraging three independent and complementary methods: a survey-based experiment using students to evaluate the saliency of our conceptual design (proof of concept), a controlled laboratory experiment conducted on Amazon Mechanical Turk to test the effectiveness of the proposed design (proof of value), and a randomized field experiment conducted in collaboration with an online forum in Asia to establish proof of use. In each study,we observe the changes in users' behavior in response to our proposed password strength meter. We find that the ELM-augmented password strength meter is significantly effective at addressing the challenges of password-based authentication. Users exposed to this strength meter are more likely to change their passwords, leading to a new password that is significantly stronger. Our findings suggest that the proposed design of augmented password strength meters is an effective method for promoting secure password behavior among end users.

Original languageEnglish (US)
Pages (from-to)157-177
Number of pages21
JournalInformation Systems Research
Volume34
Issue number1
DOIs
StatePublished - Mar 2023
Externally publishedYes

Keywords

  • design science
  • elaboration likelihood model
  • password strength meter
  • randomized experiment

ASJC Scopus subject areas

  • Management Information Systems
  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management
  • Library and Information Sciences

Fingerprint

Dive into the research topics of 'Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments'. Together they form a unique fingerprint.

Cite this