Passwords are a popular means of authentication for online accounts, but users struggle to compose and remember numerous passwords, resorting to insecure coping strategies. Prior research on graphical authentication schemes showed that modifying the interface can encourage more secure passwords. In this study (N = 59), we explored the use of implicit (website background and advertisements) and explicit (word suggestions) cues to influence password composition. We found that 60.59% of passwords were influenced by the interface cues. Our work discusses how designers can use these findings to improve authentication interfaces for better password security.
https://www.unibw.de/usable-security-and-privacy/publikationen/pdf/abdrabou2023interact.pdf
As our study was remote, we implemented a JavaScript and Node.js website for the study. We used MongoDB Atlas for the database, we hosted it on Heruku and we use GazeRecorder for eye tracking7 . We also disabled auto-completion for passwords to make sure that participants created the passwords and did not use password meter suggestions. We recruited 59 participants (30 Females and 29 Males), aged 18 to 54 (M = 24.67; SD = 5.83). Participants had diverse nationalities and backgrounds, including, Engineering, law, secretaries, and workers. Participants had different nationalities from USA, Germany, Italy, UK, Turkey, India, and Russia. 12 participants had glasses on, and 7 had corrected vision using lenses. Participants did not have IT security background or experience (M = 1.5 on a scale from 1 (novice) to 5 (expert))), and finally, most of our participants use PayPal frequently (71.19%); however, they do not use 9GAG frequently (89.83%).
In this study, we aimed to investigate the impact of using implicit (e.g. website background and advertisements) and explicit (e.g. word suggestions) cues on password composition. To achieve this, we conducted a remote user study and collected passwords from 59 participants. Our analysis revealed that 60.59% of the generated passwords were influenced by the UI cues. Additionally, we found that the use of UI cues led to stronger passwords compared to those not influenced by the cues. However, it would be valuable to conduct a followup study to investigate password memorability over longer periods and explore alternative representations of UI cues that can implicitly impact password choice.