KIT | KIT-Bibliothek | Impressum | Datenschutz

How to Effectively Communicate Benefits of Introducing a Modern Password Policy to Employees in Companies

Christmann, Mathieu; Mayer, Peter ORCID iD icon; Volkamer, Melanie


Traditional password policies comprise rules to enforce a complex composition and demand mandatory changes in frequent intervals. Nowadays, we know that more modern password policies favoring length over complexity and abstaining from frequent password changes offer a better usability and provide higher security compared to the old-fashioned policies. Shifting from such a demanding password policy to a modern one unburdens users long-term and thus, can be used to formulate a deal offering this long-term benefit in exchange for a short-term time cost. In this paper we present a study investigating such a deal: employees of a company were offered to change to a more usable password policy, but in return they were asked to first watch a short explanatory video about password security and then subsequently change their password according to the new policy and the advice in the video. To that end, we created a communication package comprising an introductory email and an explanatory video. The results of our user study show that this approach can be an effective way to shift to a contemporary password policy and - at the same time - raise awareness about issues and misconceptions surrounding password security among users.

Postprint §
DOI: 10.5445/IR/1000135399
Frei zugänglich ab 01.01.2023
Zugehörige Institution(en) am KIT Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Publikationsjahr 2021
Sprache Englisch
Identifikator KITopen-ID: 1000135399
HGF-Programm 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Erschienen in Eighteenth Symposium on Usable Privacy and Security, August 7–9, 2022, Boston, MA, USA
Veranstaltung 18th/31st Symposium on Usable Privacy and Security / Co-located with USENIX Security (SOUPS 2022), Online, 07.08.2022 – 09.08.2022
Bemerkung zur Veröffentlichung Who are you? Adventures in Authentication Workshop (WAY), 8. August 2021
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page