Passwords remain the dominant authentication mechanism for information security. Unfortunately, research has shown that most passwords are highly insecure. Given the risks of using weak passwords, there is a need to effectively motivate users to select strong passwords. In this study we examine the influence of interactivity, as well as static and interactive fear appeals, on motivating users to increase the strength of their passwords. We developed a field experiment involving the account registration process of a website in use in which we observed the strength of passwords chosen by users. Data were collected from 354 users in 65 countries. We found that while the interactive password strength meter and static fear appeal treatments were not effective, the interactive fear appeal treatment resulted in significantly stronger passwords. Our findings suggest that interactive fear appeals are a promising means of encouraging a range of secure behaviors in end users.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...