Published: 2022-01-05

Fostering End-Users’ Secure Password Management Behaviors through Password Manager App Interventions: Two Field Experiments from a Dual-System Perspective







Internet users tend to adopt duplicated, easy-to-remember passwords for their online accounts. Paradoxically, although mobile password manager apps are widely available and can help users better manage their passwords, many users resist using automatically generated random and strong passwords. In this study, drawing upon the dual-system theory, we identified two major reasons for users to adopt weak and duplicated passwords: limited cognitive capacity and their preexisting password reuse habit. Accordingly, we designed a set of interventions in a mobile password manager app to promote the use of complex, random, and unique passwords for users’ online accounts. With a self-developed password manager app, UXApp, we conducted two longitudinal field experiments to test the effectiveness of our proposed habit-breaking and habit-formation intervention designs. The results indicate that both a just-in-time warning (as a habit-breaking feature) and a visualized performance dashboard (as a habit-formation feature) can significantly improve users’ password management practices. In addition, the just-in-time warning has an immediate treatment effect, which is relatively stable over time; in contrast, the visualized performance dashboard has a non-immediate, accumulative treatment effect over time. We enrich the current password management research by investigating the longitudinal effects of habit-breaking and habit-formation interventions, and thus contribute to practice by improving Internet users’ password management practices.


