Abstract
Passwords are a popular means of authentication for online accounts, but users struggle to compose and remember numerous passwords, resorting to insecure coping strategies. Prior research on graphical authentication schemes showed that modifying the interface can encourage more secure passwords. In this study (\(N=59\)), we explored the use of implicit (website background and advertisements) and explicit (word suggestions) cues to influence password composition. We found that 60.59% of passwords were influenced by the interface cues. Our work discusses how designers can use these findings to improve authentication interfaces for better password security.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Abdrabou, Y., et al.: Your eyes tell you have used this password before: identifying password reuse from gaze and keystroke dynamics (2022)
Abdrabou, Y., et al.: GazeMeter: exploring the usage of gaze behaviour to enhance password assessments. Association for Computing Machinery, New York, NY, USA (2021). https://doi.org/10.1145/3448017.3457384
Alt, F., Schneegass, S.: Beyond passwords-challenges and opportunities of future authentication. IEEE Secur. Priv. 20(1), 82–86 (2021). http://www.florian-alt.org/unibw/wp-content/publications/alt2021ieeesp.pdf, alt2021ieeesp
Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: Passwords and the evolution of imperfect authentication. Commun. ACM 58(7), 78–87 (2015). https://doi.org/10.1145/2699390
Dunphy, P., Yan, J.: Do background images improve draw a secret graphical passwords? In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 36–47. ACM (2007)
Forget, A., Chiasson, S., Van Oorschot, P.C., Biddle, R.: Improving text passwords through persuasion. In: Proceedings of the 4th Symposium on Usable Privacy and Security, pp. 1–12. ACM (2008)
Hanamsagar, A., Woo, S.S., Kanich, C., Mirkovic, J.: Leveraging semantic transformation to investigate password habits and their causes, pp. 1–12. Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3173574.3174144
Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.: The design and analysis of graphical passwords. In: 8th USENIX Security Symposium (USENIX Security 99). USENIX Association, Washington, D.C., August 1999. https://www.usenix.org/conference/8th-usenix-security-symposium/design-and-analysis-graphical-passwords
Jeyaraman, S., Topkara, U.: Have the cake and eat it too - infusing usability into text-password based authentication systems. In: 21st Annual Computer Security Applications Conference (ACSAC 2005), pp. 10 pp.-482 (2005)
Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. Association for Computing Machinery, New York, NY, USA (2011). https://doi.org/10.1145/1978942.1979321
Pond, R., Podd, J., Bunnell, J., Henderson, R.: Word association computer passwords: the effect of formulation techniques on recall and guessing rates. Comput. Secur. 19(7), 645–656 (2000). https://doi.org/10.1016/S0167-4048(00)07023-1
Porter, S.N.: A password extension for improved human factors. Comput. Secur. 1(1), 54–56 (1982)
Seitz, T., Hartmann, M., Pfab, J., Souque, S.: Do differences in password policies prevent password reuse? In: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems, CHI EA 2017, pp. 2056–2063. Association for Computing Machinery, New York, NY, USA (2017). https://doi.org/10.1145/3027063.3053100
Seitz, T., von Zezschwitz, E., Meitner, S., Hussmann, H.: Influencing self-selected passwords through suggestions and the decoy effect. In: Proceedings of the 1st European Workshop on Usable Security, Internet Society, Darmstadt. vol. 2, pp. 1–2 (2016)
Ur, B., et al.: Design and evaluation of a data-driven password meter. In: Proceedings of the 2017 Chi Conference on Human Factors in Computing Systems, pp. 3775–3786 (2017)
Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 157–173. USENIX Association, Austin, TX, August 2016. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004). https://doi.org/10.1109/MSP.2004.81
von Zezschwitz, E., et al.: On quantifying the effective password space of grid-based unlock gestures. In: Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia, pp. 201–212. ACM (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Abdrabou, Y., Asbeck, M., Pfeuffer, K., Abdelrahman, Y., Hassib, M., Alt, F. (2023). Empowering Users: Leveraging Interface Cues to Enhance Password Security. In: Abdelnour Nocera, J., Kristín Lárusdóttir, M., Petrie, H., Piccinno, A., Winckler, M. (eds) Human-Computer Interaction – INTERACT 2023. INTERACT 2023. Lecture Notes in Computer Science, vol 14142. Springer, Cham. https://doi.org/10.1007/978-3-031-42280-5_22
Download citation
DOI: https://doi.org/10.1007/978-3-031-42280-5_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42279-9
Online ISBN: 978-3-031-42280-5
eBook Packages: Computer ScienceComputer Science (R0)
