Augmenting Password Strength Meter Design using the Elaboration Likelihood Model: Evidence from Randomized Experiments

39 Pages Posted: 27 Jun 2016 Last revised: 10 Dec 2020

See all articles by Warut Khern-am-nuai

Warut Khern-am-nuai

McGill University - Desautels Faculty of Management

Matthew J. Hashim

University of Arizona

Alain Pinsonneault

McGill University - Desautels Faculty of Management

Weining Yang

Purdue University

Ninghui Li

Purdue University - Department of Computer Sciences

Date Written: December 9, 2020

Abstract

Password-based authentication is the most commonly used method for gaining access to secured systems. Unfortunately, empirical evidence highlights the fact that most passwords are significantly weak and encouraging users to create stronger passwords is a significant challenge. In this research, we propose a theoretically augmented password strength meter design that is guided by the Elaboration Likelihood Model of persuasion (ELM). We evaluate our design by leveraging three independent and complementary methods: a survey-based experiment using students to evaluate the saliency of our conceptual design (proof-of-concept), a controlled laboratory experiment conducted on Amazon MTurk to test the effectiveness of the proposed design (proof-of-value), and a randomized field experiment conducted in collaboration with an online forum in Asia to establish proof-of-use. In each study, we observe the changes in users’ behavior in response to our proposed password strength meter. We find that the ELM augmented password strength meter is significantly effective at addressing the challenges of password-based authentication. Users exposed to this strength meter are more likely to change their password, leading to a new password that is significantly stronger. Our findings suggest that the proposed design of augmented password strength meters is an effective method for promoting secure password behavior among end users.

Keywords: password strength meter, design science, elaboration likelihood model, randomized experiment

Suggested Citation

Khern-am-nuai, Warut and Hashim, Matthew J. and Pinsonneault, Alain and Yang, Weining and Li, Ninghui, Augmenting Password Strength Meter Design using the Elaboration Likelihood Model: Evidence from Randomized Experiments (December 9, 2020). Available at SSRN: https://ssrn.com/abstract=2800499 or http://dx.doi.org/10.2139/ssrn.2800499

Warut Khern-am-nuai (Contact Author)

McGill University - Desautels Faculty of Management ( email )

1001 Sherbrooke St. West
Montreal, Quebec H3A1G5 H3A 2M1
Canada

Matthew J. Hashim

University of Arizona ( email )

Department of Management Information Systems
Eller College of Management
Tucson, AZ 85721
United States

Alain Pinsonneault

McGill University - Desautels Faculty of Management ( email )

1001 Sherbrooke St. West
Montreal, Quebec H3A1G5 H3A 2M1
Canada

Weining Yang

Purdue University ( email )

610 Purdue Mall
West Lafayette, IN 47907
United States

Ninghui Li

Purdue University - Department of Computer Sciences ( email )

West Lafayette, IN 47907

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
238
Abstract Views
1,138
rank
160,631
PlumX Metrics