KIT | KIT-Bibliothek | Impressum | Datenschutz

How to Effectively Communicate Benefits of Introducing a Modern Password Policy to Employees in Companies

Christmann, Mathieu; Mayer, Peter ORCID iD icon; Volkamer, Melanie


Traditional password policies comprise rules to enforce a complex composition and demand mandatory changes in frequent intervals. Nowadays, we know that more modern password policies favoring length over complexity and abstaining from frequent password changes offer a better usability and provide higher security compared to the old-fashioned policies. Shifting from such a demanding password policy to a modern one unburdens users long-term and thus, can be used to formulate a deal offering this long-term benefit in exchange for a short-term time cost. In this paper we present a study investigating such a deal: employees of a company were offered to change to a more usable password policy, but in return they were asked to first watch a short explanatory video about password security and then subsequently change their password according to the new policy and the advice in the video. To that end, we created a communication package comprising an introductory email and an explanatory video. The results of our user study show that this approach can be an effective way to shift to a contemporary password policy and - at the same time - raise awareness about issues and misconceptions surrounding password security among users.

Postprint §
DOI: 10.5445/IR/1000135399
Veröffentlicht am 01.01.2023
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Publikationsjahr 2021
Sprache Englisch
Identifikator KITopen-ID: 1000135399
HGF-Programm 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Erschienen in Eighteenth Symposium on Usable Privacy and Security, August 7–9, 2022, Boston, MA, USA
Veranstaltung 18th/31st Symposium on Usable Privacy and Security / Co-located with USENIX Security (SOUPS 2022), Online, 07.08.2022 – 09.08.2022
Bemerkung zur Veröffentlichung Who are you? Adventures in Authentication Workshop (WAY), 8. August 2021
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page