When it comes to creating long, secure passwords for accounts, computer users frequently fancy themselves too busy to bother, and unable to memorize nonsense. Despite understanding that weak passwords present a risk, the risk tends to seem abstract, and there’s no immediate incentive or nudge to type out and then mentally retain long chains of letters, numbers and symbols.
However, a new study is attracting attention because of its creative way of getting users to adopt new habits.
After three years of inquiry, a set of researchers found that study participants who were informed that a stronger password would mean that they could retain it for a longer duration of time, did effectively create stronger and more complex passwords. This was precisely the outcome that the researchers hoped for, and they’re enthused.
“As they [test subjects] typed, text displayed just below the password entry field told them how long it would be before the password expired.” A flimsy password would only be accepted for two weeks, while a high-quality password wouldn’t expire for a full six months. It likely didn’t hurt the information was delivered by a cute, barking cartoon dachshund.
Despite the researchers’ success, they have made clear that long, challenging-to-recall strings of letters, numbers and symbols should only be relied on in certain contexts, like “when something of real value is being protected, like a bank [account] or an email account.” Most people aren’t willing to memorize numerous meaningless or silly sequences, but they could be cajoled into memorizing one or two.
For more on this story, visit The Wall Street Journal.