A reminder to change compromised passwords
In the face of rising cybersecurity threats, many internet users continue to neglect essential security actions, such as installing updates or changing compromised passwords.
A new study led by Prof. Eyal Pe’er from the Federmann School of Public Policy at the Hebrew University of Jerusalem reveals that offering users the option to delay these tasks, combined with commitment nudges and reminders, significantly increases the likelihood of users eventually completing these crucial actions.
The research, conducted through a series of online experiments funded by an NSF-BSF grant to Prof. Pe’er and Dr. Serge Egelman (U.C. Berkeley), focused on understanding how these “nudges” could affect users’ willingness to change a compromised password. The findings are promising: when given the option to delay the task, a considerable number of participants chose to change their password later, resulting in a higher overall compliance rate without considerably reducing the number of users who opted to change their password immediately.
The study found that participants who promised to change their password later or requested a reminder were much more likely to follow through on their commitment. The effect was further enhanced when participants were reminded of their previous commitment, leading to a net positive impact on cybersecurity behaviour.
“Security tasks often interrupt users at inconvenient times, leading to procrastination or outright neglect,” explained Prof. Pe’er. “Our research shows that by allowing users to delay these and commit to completing them later, we can significantly increase the rate at which users complete critical security actions. This approach offers a practical behavioral solution to a common problem in online security.”
The implications of this study are far-reaching, offering a simple yet effective strategy to improve cybersecurity compliance among internet users. By incorporating delay options and commitment nudges into security protocols, online platforms and services can better protect their users from potential security threats.
The research paper titled “‘Protect Me Tomorrow’: Commitment Nudges to Remedy Compromised Passwords” is now available at ACM Journals and can be accessed at https://doi.org/10.1145/3689038.