IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v34y2023i1p157-177.html
   My bibliography  Save this article

Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments

Author

Listed:
  • Warut Khern-am-nuai

    (Desautels Faculty of Management, McGill University, Montreal, Quebec H3A 1G5, Canada)

  • Matthew J. Hashim

    (Eller College of Management, University of Arizona, Tucson, Arizona 85721)

  • Alain Pinsonneault

    (Desautels Faculty of Management, McGill University, Montreal, Quebec H3A 1G5, Canada)

  • Weining Yang

    (ByteDance Inc., Mountain View, California 94041)

  • Ninghui Li

    (Department of Computer Science, Purdue University, West Lafayette, Indiana 47907)

Abstract

Password-based authentication is the most commonly used method for gaining access to secured systems. Unfortunately, empirical evidence highlights the fact that most passwords are significantly weak, and encouraging users to create stronger passwords is a significant challenge. In this research, we propose a theoretically augmented password strength meter design that is guided by the elaboration likelihood model of persuasion (ELM). We evaluate our design by leveraging three independent and complementary methods: a survey-based experiment using students to evaluate the saliency of our conceptual design (proof of concept), a controlled laboratory experiment conducted on Amazon Mechanical Turk to test the effectiveness of the proposed design (proof of value), and a randomized field experiment conducted in collaboration with an online forum in Asia to establish proof of use. In each study, we observe the changes in users’ behavior in response to our proposed password strength meter. We find that the ELM-augmented password strength meter is significantly effective at addressing the challenges of password-based authentication. Users exposed to this strength meter are more likely to change their passwords, leading to a new password that is significantly stronger. Our findings suggest that the proposed design of augmented password strength meters is an effective method for promoting secure password behavior among end users.

Suggested Citation

  • Warut Khern-am-nuai & Matthew J. Hashim & Alain Pinsonneault & Weining Yang & Ninghui Li, 2023. "Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments," Information Systems Research, INFORMS, vol. 34(1), pages 157-177, March.
    • Handle: RePEc:inm:orisre:v:34:y:2023:i:1:p:157-177
    DOI: 10.1287/isre.2022.1125
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/isre.2022.1125
    Download Restriction: no
    File URL: https://libkey.io/10.1287/isre.2022.1125?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Chung, Namho & Han, Heejeong, 2017. "The relationship among tourists' persuasion, attachment and behavioral changes in social media," Technological Forecasting and Social Change, Elsevier, vol. 123(C), pages 370-380.
    2. Bonetti, Shane, 1998. "Experimental economics and deception," Journal of Economic Psychology, Elsevier, vol. 19(3), pages 377-395, June.
    3. Steven D. Levitt & John A. List, 2007. "Viewpoint: On the generalizability of lab behaviour to the field," Canadian Journal of Economics, Canadian Economics Association, vol. 40(2), pages 347-370, May.
    4. Petty, Richard E & Cacioppo, John T & Schumann, David, 1983. "Central and Peripheral Routes to Advertising Effectiveness: The Moderating Role of Involvement," Journal of Consumer Research, Journal of Consumer Research Inc., vol. 10(2), pages 135-146, September.
    5. Jeffrey L. Jenkins & Mark Grimes & Jeffrey Gainer Proudfoot & Paul Benjamin Lowry, 2014. "Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics Monitoring and Just-in-Time Fear Appeals," Information Technology for Development, Taylor & Francis Journals, vol. 20(2), pages 196-213, April.
    6. Paul John Steinbart & Mark J. Keith & Jeffry Babb, 2016. "Examining the Continuance of Secure Behavior: A Longitudinal Field Study of Mobile Device Authentication," Information Systems Research, INFORMS, vol. 27(2), pages 219-239, June.
    7. Sanjeev Dewan & Yi-Jen (Ian) Ho & Jui Ramaprasad, 2017. "Popularity or Proximity: Characterizing the Nature of Social Influence in an Online Music Community," Information Systems Research, INFORMS, vol. 28(1), pages 117-136, March.
    8. Jeffrey L. Jenkins & Bonnie Brinton Anderson & Anthony Vance & C. Brock Kirwan & David Eargle, 2016. "More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable," Information Systems Research, INFORMS, vol. 27(4), pages 880-896, December.
    9. Tejaswini Herath & H Raghav Rao, 2009. "Protection motivation and deterrence: a framework for security policy compliance in organisations," European Journal of Information Systems, Taylor & Francis Journals, vol. 18(2), pages 106-125, April.
    10. Vivianne H. M. Visschers & Ree M. Meertens & Wim W. F. Passchier & Nanne N. K. De Vries, 2009. "Probability Information in Risk Communication: A Review of the Research Literature," Risk Analysis, John Wiley & Sons, vol. 29(2), pages 267-287, February.
    11. Rubinstein, Ariel, 1988. "Similarity and decision-making under risk (is there a utility theory resolution to the Allais paradox?)," Journal of Economic Theory, Elsevier, vol. 46(1), pages 145-153, October.
    12. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    13. Jie Zhang & Xin Luo & Somasheker Akkaladevi & Jennifer Ziegelmayer, 2009. "Improving multiple-password recall: an empirical study," European Journal of Information Systems, Taylor & Francis Journals, vol. 18(2), pages 165-176, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yan Chen & Dennis F. Galletta & Paul Benjamin Lowry & Xin (Robert) Luo & Gregory D. Moody & Robert Willison, 2021. "Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model," Information Systems Research, INFORMS, vol. 32(3), pages 1043-1065, September.
    2. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    3. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    4. Supunmali Ahangama, 2023. "Relating Social Media Diffusion, Education Level and Cybersecurity Protection Mechanisms to E-Participation Initiatives: Insights from a Cross-Country Analysis," Information Systems Frontiers, Springer, vol. 25(5), pages 1695-1711, October.
    5. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    6. Eun Hee Park & Jongwoo Kim & Lynn Wiles, 2023. "The role of collectivism and moderating effect of IT proficiency on intention to disclose protected health information," Information Technology and Management, Springer, vol. 24(2), pages 177-193, June.
    7. Obi M. Ogbanufe & Corey Baham, 2023. "Using Multi-Factor Authentication for Online Account Security: Examining the Influence of Anticipated Regret," Information Systems Frontiers, Springer, vol. 25(2), pages 897-916, April.
    8. Li, Yuanxiang John & Hoffman, Elizabeth, 2023. "Designing an incentive mechanism for information security policy compliance: An experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 212(C), pages 138-159.
    9. Wettstein, Dominik J. & Boes, Stefan, 2022. "How value-based policy interventions influence price negotiations for new medicines: An experimental approach and initial evidence," Health Policy, Elsevier, vol. 126(2), pages 112-121.
    10. Del Barrio-García, Salvador & Kamakura, Wagner A. & Luque-Martínez, Teodoro, 2019. "A Longitudinal Cross-product Analysis of Media-budget Allocations: How Economic and Technological Disruptions Affected Media Choices Across Industries," Journal of Interactive Marketing, Elsevier, vol. 45(C), pages 1-15.
    11. Güth, W., 1997. "Boundedly Rational Decision Emergence -A General Perspective and Some Selective Illustrations-," SFB 373 Discussion Papers 1997,29, Humboldt University of Berlin, Interdisciplinary Research Project 373: Quantification and Simulation of Economic Processes.
    12. Kareklas, Ioannis & Muehling, Darrel D. & King, Skyler, 2019. "The effect of color and self-view priming in persuasive communications," Journal of Business Research, Elsevier, vol. 98(C), pages 33-49.
    13. Stallen, Mirre & Smidts, Ale & Rijpkema, Mark & Smit, Gitty & Klucharev, Vasily & Fernández, Guillén, 2010. "Celebrities and shoes on the female brain: The neural correlates of product evaluation in the context of fame," Journal of Economic Psychology, Elsevier, vol. 31(5), pages 802-811, October.
    14. O'Cass, A., 2000. "An assessment of consumers product, purchase decision, advertising and consumption involvement in fashion clothing," Journal of Economic Psychology, Elsevier, vol. 21(5), pages 545-576, October.
    15. Funk, Daniel C. & Haugtvedt, Curtis P. & Howard, Dennis R., 2000. "Contemporary Attitude Theory in Sport: Theoretical Considerations and Implications," Sport Management Review, Elsevier, vol. 3(2), pages 125-144, November.
    16. Römer, Ulf & Weber, Ron & Mußhoff, Oliver & Turvey, Calcum G., 2017. "Truth and consequences: Bogus pipeline experiment in informal small business lending," DARE Discussion Papers 1702, Georg-August University of Göttingen, Department of Agricultural Economics and Rural Development (DARE).
    17. Lex Borghans & Angela Lee Duckworth & James J. Heckman & Bas ter Weel, 2008. "The Economics and Psychology of Personality Traits," Journal of Human Resources, University of Wisconsin Press, vol. 43(4).
    18. Jakina Debnam, 2017. "Selection Effects and Heterogeneous Demand Responses to the Berkeley Soda Tax Vote," American Journal of Agricultural Economics, Agricultural and Applied Economics Association, vol. 99(5), pages 1172-1187.
    19. Li, Hui & Xu, Yunjie & Huang, Lihua, 2021. "When less is more? The contingent effect of product supply limitation in the release of new electronic products," Journal of Retailing and Consumer Services, Elsevier, vol. 60(C).
    20. Wang, Le & Luo, Xin (Robert) & Li, Han, 2022. "Envy or conformity? An empirical investigation of peer influence on the purchase of non-functional items in mobile free-to-play games," Journal of Business Research, Elsevier, vol. 147(C), pages 308-324.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:34:y:2023:i:1:p:157-177. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.