“I found the text to be encouraging” - Evaluating Different Password Strength Calculator Designs
Doneva, Rozalina 1; Hennig, Anne
; Mayer, Peter
1 Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)
; Mayer, Peter
1 Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)
Abstract:
While passwordless authentication methods are on the rise, password-based authentication remains widely used in practice. In search of effective means to promote stronger password choices, we created and evaluated the effectiveness of
six interactive password strength calculator designs with respect to usability, emotional affect, password strength, and password length, by conducting an online survey with 89 participants. The results showed that while all six designs increased password strength and length compared to the control group, the differences were not statistically significant. Based on the mean values, fear-appeal nudges yielded results of similar strength to positive-feedback nudges. Still, positive feedback nudges resulted in slightly longer passwords, breaking with the paradigm that
only fear appeals effectively support the creation of secure passwords. Furthermore, designs with additional information and guidance yielded longer and stronger passwords than those without, although the differences were not statistically significant. However, designs with additional information guidance exhibited significantly higher usability scores, indicating that providing guidance not only has the potential to enhance password security effectively but also improves usability.
six interactive password strength calculator designs with respect to usability, emotional affect, password strength, and password length, by conducting an online survey with 89 participants. The results showed that while all six designs increased password strength and length compared to the control group, the differences were not statistically significant. Based on the mean values, fear-appeal nudges yielded results of similar strength to positive-feedback nudges. Still, positive feedback nudges resulted in slightly longer passwords, breaking with the paradigm that
only fear appeals effectively support the creation of secure passwords. Furthermore, designs with additional information and guidance yielded longer and stronger passwords than those without, although the differences were not statistically significant. However, designs with additional information guidance exhibited significantly higher usability scores, indicating that providing guidance not only has the potential to enhance password security effectively but also improves usability.
| Zugehörige Institution(en) am KIT | Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2026 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-1-970672-07-7 KITopen-ID: 1000189751 |
| HGF-Programm | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Erschienen in | Symposium on Usable Security and Privacy (USEC) 2026, 27 February 2026, San Diego, CA, USA. Ed.: K. Seamons |
| Veranstaltung | Symposium on Usable Security and Privacy (USEC 2026), San Diego, CA, USA, 23.02.2026 – 27.02.2026 |