Who creates strong passwords when nudging fails

The use of strong passwords is viewed as a recommended cybersecurity practice, as the hacking of weak passwords led to major cybersecurity breaches. The present research investigated whether nudging with messages based on participants’ self-schemas could lead them to create stronger passwords. We mo...

Full description

Bibliographic Details
Main Authors: Chan-Tin, D.E (Author), Jones, I.T (Author), Kennison, S.M (Author), Spooner, V.H (Author)
Format: Article
Language:English
Published: Elsevier Ltd 2021
Subjects:
Online Access:View Fulltext in Publisher
Description
Summary:The use of strong passwords is viewed as a recommended cybersecurity practice, as the hacking of weak passwords led to major cybersecurity breaches. The present research investigated whether nudging with messages based on participants’ self-schemas could lead them to create stronger passwords. We modeled our study on prior health-related research demonstrating positive results using messages based on self-schema categories (i.e., True Colors categories -compassionate, loyal, intellectual, and adventurous). We carried out an online study, one with 256 (185 women, 66 men, 5 other) undergraduates and one with 424 (240 men, 179 women, 5 other) Amazon Mechanical Turk (MTurk) workers, in which we randomly assigned participants to receive messages that matched or mismatched their self-schema. We also investigated whether differences across the Big Five personality traits, secure password knowledge, attitudes and behavior, need for cognition, and general risk-taking predicted the strength of passwords that participants created during the study. Multiple individual difference variables predicted password strength (i.e., conscientiousness, emotional stability, need for cognition, self-reported secure password knowledge, attitude, and behavior, and general risk-taking). MTurk workers had higher levels of cybersecurity knowledge and created stronger passwords than college students. The nudging messages did not lead to stronger passwords. Implications for strategies to increase the use of secure passwords are discussed. © 2021
ISBN:24519588 (ISSN)
DOI:10.1016/j.chbr.2021.100132