research-article

Open access

Priming through Persuasion: Towards Secure Password Behavior

Authors:

Mahdi Nasrullah Al-AmeenAuthors Info & Claims

Proceedings of the ACM on Human-Computer Interaction, Volume 8, Issue CSCW1

Article No.: 110, Pages 1 - 27

https://doi.org/10.1145/3637387

Published: 26 April 2024 Publication History

Abstract

Users tend to create weak passwords even for the important accounts. The prior research shed light on user's insecure password behavior, and why the interventions, including requirement specification (e.g., password composition policies) and feedback systems (e.g., password meters) fail in practice. To this end, we propose and evaluate the concept: priming-through-persuasion in the realm of secure password creation. In particular, we created visual designs, aimed at priming users about the repercussions of weak passwords before their password creation. We base our designs on two forms of persuasion methods: pathos and logos. Pathos appeals to people's emotion in order to persuade them towards an expected behavior, where logos-based rhetoric appeals to a person's sense of reason. We conducted a lab study including participatory design and semi-structured interview with 20 participants. We updated our designs in an iterative manner based on the feedback from our participants in the lab study. To evaluate our updated designs, we conducted a between-subject online study with 131 participants over Amazon Mechanical Turk. Our study provides insight into how the use of persuasion techniques contributed to user attachment and engagement with the design, as well as the comprehension of the conveyed message about password vulnerabilities. Our findings lead to the guideline for future research on leveraging the priming-through-persuasion to complement the existing techniques in encouraging users towards secure behavior.

References

[1]

Chadia Abras, Diane Maloney-Krichmar, Jenny Preece, et al. 2004. User-centered design. Bainbridge, W. Encyclopedia of Human-Computer Interaction. Thousand Oaks: Sage Publications 37, 4 (2004), 445--456.

[2]

Anne Adams, Martina Angela Sasse, and Peter Lunt. 1997. Making passwords secure and usable. In People and computers XII. Springer, 1--19.

[3]

Mahdi Nasrullah Al-Ameen, Huzeyfe Kocabas, Swapnil Nandy, and Tanjina Tamanna. 2021. ?We, three brothers have always known everything of each other": A Cross-cultural Study of Sharing Digital Devices and Online Accounts. Proceedings on Privacy Enhancing Technologies 2021, 4 (2021), 203--224.

[4]

Hanieh Atashpanjeh, Arezou Behfar, Cassity Haverkamp, Maryellen McClain Verdoes, and Mahdi Nasrullah Al-Ameen. 2022. Intermediate Help with Using Digital Devices and Online Accounts: Understanding the Needs, Expectations, and Vulnerabilities of Young Adults. In 24th International Conference on Human-Computer Interaction. 3--15.

Digital Library

[5]

Simon Baron-Cohen and Sally Wheelwright. 2004. The empathy quotient: an investigation of adults with Asperger syndrome or high functioning autism, and normal sex differences. Journal of autism and developmental disorders 34, 2 (2004), 163--175.

[6]

Kathy Baxter, Catherine Courage, and Kelly Caine. 2015. Understanding Your Users: A Practical Guide to User Research Methods (2 ed.). Morgan Kaufmann Publishers Inc., San Francisco, CA, USA.

[7]

Arezou Behfar, Hanieh Atashpanjeh, and Mahdi Nasrullah Al-Ameen. 2023. Can Password Meter be More Effective Towards User Attention, Engagement, and Attachment?: A Study of Metaphor-based Designs. In Companion Publication of the 2023 Conference on Computer Supported Cooperative Work and Social Computing. 164--171.

Digital Library

[8]

Ann Blandford, Dominic Furniss, and Stephann Makri. 2016. Qualitative HCI research: Going behind the scenes. Synthesis lectures on human-centered informatics 9, 1 (2016), 1--115.

[9]

Joseph Bonneau. 2012. The science of guessing: analyzing an anonymized corpus of 70 million passwords. In 2012 IEEE symposium on security and privacy. IEEE, 538--552.

Digital Library

[10]

Joseph Bonneau, Cormac Herley, Paul C Van Oorschot, and Frank Stajano. 2012. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In 2012 IEEE symposium on security and privacy. IEEE, 553--567.

Digital Library

[11]

Joseph Bonneau and Ekaterina Shutova. 2012. Linguistic properties of multi-word passphrases. In International Conference on Financial Cryptography and Data Security. Springer, 1--12.

Digital Library

[12]

Richard E Boyatzis. 1998. Transforming qualitative information: Thematic analysis and code development. sage, Thousand Oaks, CA, USA.

[13]

Antoine C Braet. 1992. Ethos, pathos and logos in Aristotle's Rhetoric: A re-examination. Argumentation 6, 3 (1992), 307--320.

[14]

Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative research in psychology 3, 2 (2006), 77--101.

[15]

Virginia Braun and Victoria Clarke. 2021. One size fits all? What counts as quality practice in (reflexive) thematic analysis? Qualitative research in psychology 18, 3 (2021), 328--352.

[16]

M Brinks. 2019. Ethos, pathos, logos, kairos: The modes of persuasion and how to use them. Prep Scholar, Retrieved on August 20 (2019), 2021.

[17]

William E Burr, Donna F Dodson, William T Polk, et al. 2006. Electronic authentication guideline. Citeseer.

[18]

D. Cameron. 2014. Apple knew of iCloud security hole 6 months before Celebgate. http://www.dailydot.com/technology/apple-icloud-brute-force-attack-march/.

[19]

Nazli Cila. 2013. Metaphors we design by: The use of metaphors in product design. (2013).

[20]

Jacob Cohen. 2013. Statistical power analysis for the behavioral sciences. Routledge.

[21]

Nicola Davinson and Elizabeth Sillence. 2014. Using the health belief model to explore users' perceptions of ?being safe and secure'in the world of technology mediated financial transactions. International Journal of Human-Computer Studies 72, 2 (2014), 154--168.

Digital Library

[22]

Ulku D Demirdögen. 2010. The roots of research in (political) persuasion: Ethos, pathos, logos and the Yale studies of persuasive communications. International Journal of Social Inquiry 3, 1 (2010), 189--201.

[23]

Alexis Dinno. 2015. Nonparametric pairwise multiple comparisons in independent groups using Dunn's test. The Stata Journal 15, 1 (2015), 292--300.

[24]

Prakriti Dumaru and Mahdi Nasrullah Al-Ameen. 2023. ?After she fell asleep, it went to my next podcast, which was about a serial killer": Unveiling Needs and Expectations Regarding Parental Control within Digital Assistant. In Companion Publication of the 2023 Conference on Computer Supported Cooperative Work and Social Computing. 17--21.

Digital Library

[25]

Prakriti Dumaru, Ankit Shrestha, Rizu Paudel, Arezou Behfar, Hanieh Atashpanjeh, and Mahdi Nasrullah Al-Ameen. 2023. ?I Have Learned that Things are Different here": Understanding the Transitional Challenges with Technology Use After Relocating to the USA. In International Conference on Human-Computer Interaction. Springer, 201--220.

Digital Library

[26]

Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, and Cormac Herley. 2013. Does my password go up to eleven?: the impact of password meters on password selection. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (2013).

Digital Library

[27]

Sascha Fahl, Marian Harbach, Yasemin Acar, and Matthew Smith. 2013. On the ecological validity of a password study. In Proceedings of the Ninth Symposium on Usable Privacy and Security. 1--13.

Digital Library

[28]

Matthias Fassl, Lea Theresa Gröber, and Katharina Krombholz. 2021. Exploring user-centered security design for usable authentication ceremonies. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 1--15.

Digital Library

[29]

Maximilian Golla and Markus Dürmuth. 2018. On the accuracy of password strength meters. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 1567--1582.

Digital Library

[30]

Cormac Herley. 2009. So long, and no thanks for the externalities: the rational rejection of security advice by users. In Proceedings of the 2009 workshop on New security paradigms workshop. 133--144.

Digital Library

[31]

Cormac Herley and Paul Van Oorschot. 2011. A research agenda acknowledging the persistence of passwords. IEEE Security & privacy 10, 1 (2011), 28--36.

[32]

Cormac Herley, Paul C Van Oorschot, and Andrew S Patrick. 2009. Passwords: If we're so smart, why are we still using them?. In International Conference on Financial Cryptography and Data Security. Springer, 230--237.

Digital Library

[33]

Javier Hernandez, Pablo Paredes, Asta Roseway, and Mary Czerwinski. 2014. Under pressure: sensing stress of computer users. In Proceedings of the SIGCHI conference on Human factors in computing systems. 51--60.

Digital Library

[34]

Colin Higgins and Robyn Walker. 2012. Ethos, logos, pathos: Strategies of persuasion in social/environmental reports. In Accounting forum, Vol. 36. Elsevier, 194--208.

[35]

Amic G Ho and Kin Wai Michael G Siu. 2012. Emotion design, emotional design, emotionalize design: A review on their relationships from a new perspective. The Design Journal 15, 1 (2012), 9--32.

[36]

T Hunt. 2011. The science of password selection. Blog Post, July (2011).

[37]

William John Ickes. 1997. Empathic accuracy. Guilford Press.

[38]

A Imperva. 2010. Consumer password worst practices. Application Defense Center (2010).

[39]

Philip G Inglesant and M Angela Sasse. 2010. The true cost of unusable password policies: password use in the wild. In Proceedings of the sigchi conference on human factors in computing systems. 383--392.

Digital Library

[40]

Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. ?... No one Can Hack My Mind": Comparing Expert and Non-Expert Security Practices. In Eleventh Symposium On Usable Privacy and Security (SOUPS). 327--346.

[41]

Markus Jakobsson and Mayank Dhiman. 2013. The benefits of understanding passwords. In Mobile Authentication. Springer, 5--24.

[42]

Muhammad Jameel Mohamed Kamil and Shahriman Zainal Abidin. 2013. Unconscious human behavior at visceral level of emotional design. Procedia-Social and Behavioral Sciences 105 (2013), 149--161.

[43]

Christina Katsini, Marios Belk, Christos Fidas, Nikolaos Avouris, and George Samaras. 2016. Security and usability in knowledge-based user authentication: A review. In Proceedings of the 20th pan-hellenic conference on informatics. 1--6.

Digital Library

[44]

Patrick Gage Kelley, Saranga Komanduri, Michelle L Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez. 2012. Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In 2012 IEEE symposium on security and privacy. IEEE, 523--537.

Digital Library

[45]

Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Patrick Gage Kelley. [n. d.]. Measuring Password Guessability for an Entire University. ([n. d.]).

[46]

Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. 2014. Telepathwords: Preventing Weak Passwords by Reading Users' Minds. In 23rd USENIX Security Symposium. 591--606.

[47]

Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman. 2011. Of passwords and people: measuring the effect of password-composition policies. In Proceedings of the sigchi conference on human factors in computing systems. 2595--2604.

Digital Library

[48]

Naveen Kumar. 2011. Password in practice: An usability survey. Journal of Global Research in Computer Science 2, 5 (2011), 107--112.

[49]

Franki Y.H. Kung, Navio Kwok, and Douglas J. Brown. 2018. Are attention check questions a threat to scale validity? Applied Psychology 67, 2 (2018), 264--283. https://doi.org/10.1111/apps.12108 arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1111/apps.12108

[50]

Cynthia Kuo, Sasha Romanosky, and Lorrie Faith Cranor. 2006. Human Selection of Mnemonic Phrase-Based Passwords. In Proceedings of the Second Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS '06). Association for Computing Machinery, New York, NY, USA, 67--78. https://doi.org/10.1145/1143120.1143129

Digital Library

[51]

George Lakoff and Mark Johnson. 2003. Metaphors We Live By Chicago: University of Chicago Press 1980. Afterword (2003).

[52]

Xingyu Lan, Yanqiu Wu, Yang Shi, Qing Chen, and Nan Cao. 2022. Negative Emotions, Positive Outcomes? Exploring the Communication of Negativity in Serious Data Stories. In CHI Conference on Human Factors in Computing Systems. 1--14.

[53]

Kevin Lee, Sten Sjöberg, and Arvind Narayanan. 2022. Password policies of most top websites fail to follow best practices. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). 561--580.

[54]

Huigang Liang, Yajiong Lucky Xue, et al. 2010. Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the association for information systems 11, 7 (2010), 1.

[55]

George Loewenstein and Emily Haisley. 2007. The Economist as Therapist: Methodological Ramifications of 'Light' Paternalism. Political Economy (Topic) (2007).

[56]

D. Love. 2014. Apple on iCloud breach: It's not our fault hackers guessed celebrity passwords. http://www.ibtimes.com/apple-icloud-breach-its-not-our-fault-hackers-guessed-celebrity-passwords-1676268.

[57]

David Malone and Kevin Maher. 2012. Investigating the distribution of password choices. In Proceedings of the 21st international conference on World Wide Web. 301--310.

Digital Library

[58]

Robert McMillan. 2012. The world's first computer password? it was useless too. Wired Magazine (2012).

[59]

B Dawn Medlin and Joseph A Cazier. 2007. An empirical investigation: Health care employee passwords and their crack times in relationship to hipaa security standards. International Journal of Healthcare Information Systems and Informatics (IJHISI) 2, 3 (2007), 39--48.

[60]

Margherita Melloni, Vladimir Lopez, and Agustin Ibanez. 2014. Empathy and contextual social cognition. Cognitive, Affective, & Behavioral Neuroscience 14, 1 (2014), 407--425.

[61]

Tamar Mshvenieradze. 2013. Logos Ethos and Pathos in Political Discourse. Theory & Practice in Language Studies 3, 11 (2013).

[62]

Douglas L Nelson, Valerie S Reed, and Cathy L McEvoy. 1977. Learning to order pictures and words: A model of sensory and semantic encoding. Journal of Experimental Psychology: human learning and memory 3, 5 (1977), 485.

[63]

Jakob Nielsen. 1993. Iterative user-interface design. Computer 26, 11 (1993), 32--41.

Digital Library

[64]

Daniel M Oppenheimer, Tom Meyvis, and Nicolas Davidenko. 2009. Instructional manipulation checks: Detecting satisficing to increase statistical power. Journal of Experimental Social Psychology 45, 4 (2009), 867--872.

[65]

Allan Paivio. 2014. Mind and its evolution: A dual coding theoretical approach. Psychology Press.

[66]

Rizu Paudel, Prakriti Dumaru, Ankit Shrestha, Huzeyfe Kocabas, and Mahdi Nasrullah Al-Ameen. 2023. A Deep Dive into User's Preferences and Behavior around Mobile Phone Sharing. Proceedings of the ACM on Human-Computer Interaction 7, CSCW1 (2023), 1--22.

Digital Library

[67]

Rizu Paudel, Ankit Shrestha, Prakriti Dumaru, and Mahdi Nasrullah Al-Ameen. 2023. " It doesn't just feel like something a lawyer slapped together." Mental-Model-Based Privacy Policy for Third-Party Applications on Facebook. In Companion Publication of the 2023 Conference on Computer Supported Cooperative Work and Social Computing. 298--306.

Digital Library

[68]

Eyal Peer, Joachim Vosgerau, and Alessandro Acquisti. 2014. Reputation as a sufficient condition for data quality on Amazon Mechanical Turk. Behavior Research Methods 46, 4 (2014), 1023--1031.

[69]

Michael Peters, Bruno Laeng, Kerry Latham, Marla Jackson, Raghad Zaiyouna, and Chris Richardson. 1995. A redrawn Vandenberg and Kuse mental rotations test-different versions and factors that affect performance. Brain and cognition 28, 1 (1995), 39--58.

[70]

Stanley Presser, Mick P Couper, Judith T Lessler, Elizabeth Martin, Jean Martin, Jennifer M Rothgeb, and Eleanor Singer. 2004. Methods for testing and evaluating survey questions. Methods for testing and evaluating survey questionnaires (2004), 1--22.

[71]

Robert W Proctor, Mei-Ching Lien, Kim-Phuong L Vu, E Eugene Schultz, and Gavriel Salvendy. 2002. Improving computer security for authentication of users: Influence of proactive password restrictions. Behavior Research Methods, Instruments, & Computers 34, 2 (2002), 163--169.

[72]

Elissa M Redmiles, Yasemin Acar, Sascha Fahl, and Michelle L Mazurek. 2017. A summary of survey methodology best practices for security and privacy researchers. Technical Report.

[73]

Daniel Reinhardt, Johannes Borchard, and Jörn Hurtienne. 2021. Visual Interactive Privacy Policy: The Better Choice?. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 1--12.

Digital Library

[74]

Karen Renaud, Verena Zimmerman, Joseph Maguire, and Steve Draper. 2017. Lessons learned from evaluating eight password nudges in the wild. In The LASER Workshop: Learning from Authoritative Security Experiment Results (LASER 2017). 25--37.

[75]

Martin Schrepp and Jörg Thomaschewski. 2019. Handbook for the modular extension of the User Experience Questionnaire. In Mensch & Computer.

[76]

Sovantharith Seng, Mahdi Nasrullah Al-Ameen, and Matthew Wright. 2018. Understanding users' decision of clicking on posts in Facebook with implications for phishing. In Workshop on Technology and Consumer Protection (ConPro 18).

[77]

Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Alain Forget, Saranga Komanduri, Michelle L Mazurek, William Melicher, Sean M Segreti, and Blase Ur. 2015. A spoonful of sugar? The impact of guidance and feedback on password-creation behavior. In Proceedings of the 33rd annual ACM conference on human factors in computing systems. 2903--2912.

[78]

Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2010. Encountering stronger password requirements: user attitudes and behaviors. In Proceedings of the sixth symposium on usable privacy and security. 1--20.

Digital Library

[79]

Ankit Shrestha, Prakriti Dumaru, Rizu Paudel, and Mahdi Nasrullah Al-Ameen. 2023. Understanding the Challenges in Academia to Prepare Nursing Students for Digital Technology Use at Workplace. In Companion Publication of the 2023 Conference on Computer Supported Cooperative Work and Social Computing. 96--100.

Digital Library

[80]

Ankit Shrestha, Rizu Paudel, Prakriti Dumaru, and Mahdi Nasrullah Al-Ameen. 2023. Towards improving the efficacy of windows security notifier for apps from unknown publishers: The role of rhetoric. In International Conference on Human-Computer Interaction. Springer, 101--121.

Digital Library

[81]

Ankit Shrestha, Tanusree Sharma, Pratyasha Saha, Syed Ishtiaque Ahmed, and Mahdi Nasrullah Al-Ameen. 2023. A first look into software security practices in bangladesh. ACM Journal on Computing and Sustainable Societies 1, 1 (2023), 1--24.

Digital Library

[82]

Kamran Siddique, Zahid Akhtar, and Yangwoo Kim. 2017. Biometrics vs passwords: a modern version of the tortoise and the hare. Computer Fraud & Security 2017, 1 (2017), 13--17.

[83]

Andreas Sotirakopoulos, Ildar Muslukov, Konstantin Beznosov, Cormac Herley, and Serge Egelman. 2011. Poster: Motivating users to choose better passwords through peer pressure. Proc. SOUPS 2011 (2011).

[84]

Specops. 2023. Weak Password Report 2023. https://specopssoft.com/wp-content/uploads/2023/03/Specops-Software-Weak-Password-report-2023.pdf.

[85]

Clay Spinuzzi. 2005. The methodology of participatory design. Technical communication 52, 2 (2005), 163--174.

[86]

Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, et al . 2017. Design and evaluation of a data-driven password meter. In Proceedings of the 2017 chi conference on human factors in computing systems. 3775--3786.

Digital Library

[87]

Blase Ur, Jonathan Bees, Sean M Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Do users' perceptions of password security match reality?. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems. 3748--3760.

Digital Library

[88]

Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. How Does Your Password Measure up? The Effect of Strength Meters on Password Creation. In Proceedings of the 21st USENIX Conference on Security Symposium (Bellevue, WA) (Security'12). USENIX Association, USA, 5.

Digital Library

[89]

Blase Ur, Saranga Komanduri, Richard Shay, Stephanos Matsumoto, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Michelle L Mazurek, and Timothy Vidas. 2013. Poster: The art of password creation. In Proc. of the IEEE Symp. on Security and Privacy, Vol. 6.

[90]

Blase Ur, Fumiko Noma, Jonathan Bees, Sean M Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. " I Added'!'at the End to Make It Secure": Observing Password Creation in the Lab. In Eleventh symposium on usable privacy and security (SOUPS 2015). 123--140.

[91]

Blase Ur, Sean M Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L Mazurek, William Melicher, and Richard Shay. 2015. Measuring Real-World Accuracies and Biases in Modeling Password Guessability. In 24th USENIX Security Symposium (USENIX Security 15). 463--481.

Digital Library

[92]

Rafael Veras, Christopher Collins, and Julie Thorpe. 2014. On semantic patterns of passwords and their security impact. In NDSS. Citeseer.

[93]

Rafael Veras, Julie Thorpe, and Christopher Collins. 2012. Visualizing Semantics in Passwords: The Role of Dates. In Proceedings of the Ninth International Symposium on Visualization for Cyber Security (Seattle, Washington, USA) (VizSec '12). Association for Computing Machinery, New York, NY, USA, 88--95. https://doi.org/10.1145/2379690.2379702

Digital Library

[94]

Rafael Veras, Julie Thorpe, and Christopher Collins. 2012. Visualizing semantics in passwords: The role of dates. In Proceedings of the ninth international symposium on visualization for cyber security. 88--95.

Digital Library

[95]

Emanuel Von Zezschwitz, Alexander De Luca, and Heinrich Hussmann. 2013. Survival of the shortest: A retrospective analysis of influencing factors on password composition. In IFIP Conference on Human-Computer Interaction. Springer, 460--467.

[96]

Kim-Phuong L Vu, Robert W Proctor, Abhilasha Bhargav-Spantzel, Bik-Lam Belin Tai, Joshua Cook, and E Eugene Schultz. 2007. Improving password security and memorability to protect personal and organizational information. international journal of human-computer studies 65, 8 (2007), 744--757.

[97]

Matt Weir, Sudhir Aggarwal, Michael Collins, and Henry Stern. 2010. Testing metrics for password creation policies by attacking large sets of revealed passwords. In Proceedings of the 17th ACM conference on Computer and communications security. 162--175.

Digital Library

[98]

Irene Woon, Gek-Woo Tan, and R Low. 2005. A protection motivation theory approach to home wireless security. (2005).

[99]

Lixuan Zhang and William C McDowell. 2009. Am I really at risk? Determinants of online users' intentions to use strong passwords. Journal of Internet Commerce 8, 3--4 (2009), 180--197.

[100]

Leah Zhang-Kennedy, Sonia Chiasson, and Robert Biddle. 2013. Password advice shouldn't be boring: Visualizing password guessing attacks. In 2013 APWG eCrime Researchers Summit. 1--11. https://doi.org/10.1109/eCRS.2013.6805770

[101]

Leah Zhang-Kennedy, Sonia Chiasson, and Robert Biddle. 2013. Password advice shouldn't be boring: Visualizing password guessing attacks. In 2013 APWG eCrime Researchers Summit. IEEE, 1--11.

[102]

Verena Zimmermann, Karola Marky, and Karen Renaud. 2022. Hybrid password meters for more secure passwords--a comprehensive study of password meters including nudges and password information. Behaviour & Information Technology (2022), 1--44.

Cited By

Paudel RAl-Ameen M(2024)Leveraging the Power of Storytelling to Encourage and Empower Children towards Strong PasswordsProceedings of the ACM on Human-Computer Interaction10.1145/36870438:CSCW2(1-27)Online publication date: 8-Nov-2024
https://dl.acm.org/doi/10.1145/3687043
Paudel RAl-Ameen MFarzan RLópez CCardoso Llach DQuercia DMustafa MNiu SWong-Villacrés M(2024)Hacker, Their Actions, and Fear Appeal: A First Look Through the Lens of ChildrenCompanion Publication of the 2024 Conference on Computer-Supported Cooperative Work and Social Computing10.1145/3678884.3681888(437-443)Online publication date: 11-Nov-2024
https://dl.acm.org/doi/10.1145/3678884.3681888
Lahza HAlsamani B(2024)Behavioral Cybersecurity: Dynamic Persuasive Strategies to Enhance Password Security2024 7th International Conference of Computer and Informatics Engineering (IC2IE)10.1109/IC2IE63342.2024.10748160(1-9)Online publication date: 12-Sep-2024
https://doi.org/10.1109/IC2IE63342.2024.10748160

Index Terms

Priming through Persuasion: Towards Secure Password Behavior
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI design and evaluation methods
      1. User studies
2. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Human-Computer Interaction

Proceedings of the ACM on Human-Computer Interaction Volume 8, Issue CSCW1

CSCW

April 2024

6294 pages

EISSN:2573-0142

DOI:10.1145/3661497

Editor:
Jeff Nichols
Apple Inc., United States

Issue’s Table of Contents

Copyright © 2024 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 April 2024

Published in PACMHCI Volume 8, Issue CSCW1

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
381
Total Downloads

Downloads (Last 12 months)381
Downloads (Last 6 weeks)52

Reflects downloads up to 17 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Paudel RAl-Ameen M(2024)Leveraging the Power of Storytelling to Encourage and Empower Children towards Strong PasswordsProceedings of the ACM on Human-Computer Interaction10.1145/36870438:CSCW2(1-27)Online publication date: 8-Nov-2024
https://dl.acm.org/doi/10.1145/3687043
Paudel RAl-Ameen MFarzan RLópez CCardoso Llach DQuercia DMustafa MNiu SWong-Villacrés M(2024)Hacker, Their Actions, and Fear Appeal: A First Look Through the Lens of ChildrenCompanion Publication of the 2024 Conference on Computer-Supported Cooperative Work and Social Computing10.1145/3678884.3681888(437-443)Online publication date: 11-Nov-2024
https://dl.acm.org/doi/10.1145/3678884.3681888
Lahza HAlsamani B(2024)Behavioral Cybersecurity: Dynamic Persuasive Strategies to Enhance Password Security2024 7th International Conference of Computer and Informatics Engineering (IC2IE)10.1109/IC2IE63342.2024.10748160(1-9)Online publication date: 12-Sep-2024
https://doi.org/10.1109/IC2IE63342.2024.10748160

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Figures

Tables

Media

View Issue’s Table of Contents