Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments

Abstract

In this research, we study an effective method to encourage users to generate stronger passwords. Specifically, we propose a novel design of password strength meters that incorporates contextual information to help users digest the message generated by the password strength meter. We evaluate our design by leveraging three independent and complementary methods: a survey-based experiment using students to evaluate the saliency of our conceptual design (proof of concept), a controlled laboratory experiment conducted on Amazon Mechanical Turk to test the effectiveness of the proposed design (proof of value), and a randomized field experiment conducted in collaboration with an online forum in Asia to establish proof of use. In each study, we observe that users exposed to the proposed password strength meter are more likely to change their passwords, leading to a new password that is significantly stronger. Our findings suggest that the proposed design of augmented password strength meters is an effective method for promoting secure password behavior among end users. Our design also requires minimal computational resources and technical capabilities.