How to Effectively Communicate Benefits of Introducing a Modern Password Policy to Employees in Companies


Authors:

Mathieu Christmann, Technische Universität Darmstadt; Peter Mayer and Melanie Volkamer, Karlsruhe Institute of Technology

Abstract:

Traditional password policies comprise rules to enforce a complex composition and demand mandatory changes at frequent intervals. Nowadays, we know that more modern password policies favoring length over complexity and abstaining from frequent password changes offer better usability and provide higher security compared to the old-fashioned policies. Shifting from such a demanding password policy to a modern one unburdens users in the long term and thus can be used to formulate a deal offering this long-term benefit in exchange for a short-term time cost.

In this paper, we present a study investigating such a deal: employees of a company were offered the option to change to a more usable password policy, but in return they were asked to first watch a short explanatory video about password security and then change their password according to the new policy and the advice in the video. To that end, we created a communication package comprising an introductory email and an explanatory video. The results of our user study show that this approach can be an effective way to shift to a contemporary password policy and – at the same time – raise awareness about issues and misconceptions surrounding password security among users.

BibTeX:
@inproceedings{christmann-21-modern-policy,
    author = {Christmann, Mathieu and Mayer, Peter and Volkamer, Melanie},
    title = {{How to Effectively Communicate Benefits of Introducing a Modern Password Policy to Employees in Companies}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2021},
    series = {WAY~'21},
    pages = {1--7},
    address = {Virtual Conference},
    month = aug,
    publisher = {}
} % No publisher