Related papers: Nudging Users to Change Breached Passwords Using the Protection Motivation Theory

Nudging Users to Change Breached Passwords Using the Protection Motivation Theory

URL: http://arxiv.org/abs/2405.15308v1
Date: Fri, 24 May 2024 07:51:15 GMT
Title: Nudging Users to Change Breached Passwords Using the Protection Motivation Theory
Authors: Yixin Zou, Khue Le, Peter Mayer, Alessandro Acquisti, Adam J. Aviv, Florian Schaub,
Abstract summary: We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
Score: 58.87688846800743
License: http://creativecommons.org/licenses/by/4.0/
Abstract: We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our online experiment ($n$=$1,386$) compared the effectiveness of a threat appeal (highlighting negative consequences of breached passwords) and a coping appeal (providing instructions on how to change the breached password) in a 2x2 factorial design. Compared to the control condition, participants receiving the threat appeal were more likely to intend to change their passwords, and participants receiving both appeals were more likely to end up changing their passwords; both comparisons have a small effect size. Participants' password change behaviors are further associated with other factors such as their security attitudes (SA-6) and time passed since the breach, suggesting that PMT-based nudges are useful but insufficient to fully motivate users to change their passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.

Related papers

PassTSL: Modeling Human-Created Passwords through Two-Stage Learning [7.287089766975719]
We propose PassTSL (modeling human-created Passwords through Two-Stage Learning), inspired by the popular pretraining-finetuning framework in NLP and deep learning (DL) PassTSL outperforms five state-of-the-art (SOTA) password cracking methods on password guessing by a significant margin ranging from 4.11% to 64.69% at the maximum point. Based on PassTSL, we also implemented a password strength meter (PSM), and our experiments showed that it was able to estimate password strength more accurately.
arXiv Detail & Related papers (2024-07-19T09:23:30Z)
PassGPT: Password Modeling and (Guided) Generation with Large Language Models [59.11160990637616]
We present PassGPT, a large language model trained on password leaks for password generation. We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
arXiv Detail & Related papers (2023-06-02T13:49:53Z)
RiDDLE: Reversible and Diversified De-identification with Latent Encryptor [57.66174700276893]
This work presents RiDDLE, short for Reversible and Diversified De-identification with Latent Encryptor. Built upon a pre-learned StyleGAN2 generator, RiDDLE manages to encrypt and decrypt the facial identity within the latent space.
arXiv Detail & Related papers (2023-03-09T11:03:52Z)
Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning [102.05872020792603]
We propose an attack that anticipates and accounts for the entire federated learning pipeline, including behaviors of other clients. We show that this new attack is effective in realistic scenarios where the attacker only contributes to a small fraction of randomly sampled rounds.
arXiv Detail & Related papers (2022-10-17T17:59:38Z)
On Deep Learning in Password Guessing, a Survey [4.1499725848998965]
This paper compares various deep learning-based password guessing approaches that do not require domain knowledge or assumptions about users' password structures and combinations. We propose a promising research experimental design on using variations of IWGAN on password guessing under non-targeted offline attacks.
arXiv Detail & Related papers (2022-08-22T15:48:35Z)
Targeted Honeyword Generation with Language Models [5.165256397719443]
Honeywords are fictitious passwords inserted into databases to identify password breaches. Major difficulty is how to produce honeywords that are difficult to distinguish from real passwords.
arXiv Detail & Related papers (2022-08-15T00:06:29Z)
GNPassGAN: Improved Generative Adversarial Networks For Trawling Offline Password Guessing [5.165256397719443]
This paper reviews various deep learning-based password guessing approaches. It also introduces GNPassGAN, a password guessing tool built on generative adversarial networks for trawling offline attacks. In comparison to the state-of-the-art PassGAN model, GNPassGAN is capable of guessing 88.03% more passwords and generating 31.69% fewer duplicates.
arXiv Detail & Related papers (2022-08-14T23:51:52Z)
(How) Do people change their passwords after a breach? [9.750563575752956]
New passwords were on average 1.3x stronger than old passwords. New passwords were overall more similar to participants' other passwords. Results highlight the need for more rigorous password-changing requirements.
arXiv Detail & Related papers (2020-10-19T20:44:25Z)
Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection [44.040106718326605]
The choice of password composition policy to enforce on a password-protected system represents a critical security decision. In practice, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone. We propose a novel methodology that draws on password probability distributions constructed from large sets of real-world password data.
arXiv Detail & Related papers (2020-07-07T22:12:13Z)
Lost in Disclosure: On The Inference of Password Composition Policies [43.17794589897313]
We study how password composition policies influence the distribution of user-chosen passwords on a system. We suggest a simple approach that produces more reliable results. We present pol-infer, a tool that implements this approach, and demonstrates its use inferring password composition policies.
arXiv Detail & Related papers (2020-03-12T15:27:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.