Mathieu Christmann, Technische Universität Darmstadt; Peter Mayer and Melanie Volkamer, Karlsruhe Institute of Technology
Traditional password policies comprise rules that enforce complex composition and demand mandatory changes at frequent intervals. We now know that more modern password policies, which favor length over complexity and abstain from frequent password changes, offer better usability and provide higher security than the old-fashioned policies. Shifting from such a demanding password policy to a modern one unburdens users in the long term and can thus be used to formulate a deal offering this long-term benefit in exchange for a short-term time cost.
In this paper, we present a study investigating such a deal: employees of a company were offered the option to change to a more usable password policy, but in return they were asked to first watch a short explanatory video about password security and then change their password according to the new policy and the advice in the video. To that end, we created a communication package comprising an introductory email and an explanatory video. The results of our user study show that this approach can be an effective way to shift to a contemporary password policy and – at the same time – raise awareness about issues and misconceptions surrounding password security among users.
@inproceedings{christmann-21-modern-policy,
  author    = {Christmann, Mathieu and Mayer, Peter and Volkamer, Melanie},
  title     = {{How to Effectively Communicate Benefits of Introducing a Modern Password Policy to Employees in Companies}},
  booktitle = {Who Are You?! Adventures in Authentication Workshop},
  year      = {2021},
  series    = {WAY~'21},
  pages     = {1--7},
  address   = {Virtual Conference},
  month     = aug,
  publisher = {}
} % No publisher