Users tend to create weak passwords even for the important accounts. The prior research shed light on user's insecure password behavior, and why the interventions, including requirement specification (e.g., password composition policies) and feedback systems (e.g., password meters) fail in practice. To this end, we propose and evaluate the concept: priming-through-persuasion in the realm of secure password creation. In particular, we created visual designs, aimed at priming users about the repercussions of weak passwords before their password creation. We base our designs on two forms of persuasion methods: pathos and logos. Pathos appeals to people's emotion in order to persuade them towards an expected behavior, where logos-based rhetoric appeals to a person's sense of reason. We conducted a lab study including participatory design and semi-structured interview with 20 participants. We updated our designs in an iterative manner based on the feedback from our participants in the lab study. To evaluate our updated designs, we conducted a between-subject online study with 131 participants over Amazon Mechanical Turk. Our study provides insight into how the use of persuasion techniques contributed to user attachment and engagement with the design, as well as the comprehension of the conveyed message about password vulnerabilities. Our findings lead to the guideline for future research on leveraging the priming-through-persuasion to complement the existing techniques in encouraging users towards secure behavior.
Read full abstract