Priming Through Persuasion: Towards Secure Password Behavior

Authors

Rizu Paudel, Utah State UniversityFollow
Mahdi Nasrullah Al-Ameen, Utah State UniversityFollow

Document Type

Article

Author ORCID Identifier

Rizu Paudel https://orcid.org/0000-0003-3840-9015

Mahdi Nasrullah Al-Ameen https://orcid.org/0000-0002-5764-2253

Journal/Book Title/Conference

Proceedings of the ACM on Human-Computer Interaction

Volume

8

Issue

110

Publisher

Association for Computing Machinery

Publication Date

4-26-2024

Journal Article Version

Version of Record

First Page

1

Last Page

27

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Abstract

Users tend to create weak passwords even for the important accounts. The prior research shed light on user’s insecure password behavior, and why the interventions, including requirement specification (e.g., password composition policies) and feedback systems (e.g., password meters) fail in practice. To this end, we propose and evaluate the concept: priming-through-persuasion in the realm of secure password creation. In particular, we created visual designs, aimed at priming users about the repercussions of weak passwords before their password creation. We base our designs on two forms of persuasion methods: pathos and logos. Pathos appeals to people’s emotion in order to persuade them towards an expected behavior, where logos-based rhetoric appeals to a person’s sense of reason. We conducted a lab study including participatory design and semi-structured interview with 20 participants. We updated our designs in an iterative manner based on the feedback from our participants in the lab study. To evaluate our updated designs, we conducted a between-subject online study with 131 participants over Amazon Mechanical Turk. Our study provides insight into how the use of persuasion techniques contributed to user attachment and engagement with the design, as well as the comprehension of the conveyed message about password vulnerabilities. Our findings lead to the guideline for future research on leveraging the priming-through-persuasion to complement the existing techniques in encouraging users towards secure behavior.

Recommended Citation

Rizu Paudel and Mahdi Nasrullah Al-Ameen. 2024. Priming through Persuasion: Towards Secure Password Behavior. Proc. ACM Hum.-Comput. Interact. 8, CSCW1, Article 110 (April 2024), 27 pages. https://doi.org/10.1145/3637387