Published: September 8, 2016
Author(s)
Yee-Yin Choong (NIST), Kristen Greene (NIST)
Conference
Name: 2016 Human Factors and Ergonomics Society Annual Meeting
Dates: 09/19/2016 - 09/23/2016
Location: Washington, DC, United States
Citation: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 60, pp. 760-764
Although many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects the user experience during password rule comprehension, a necessary precursor to password generation. Our research begins to address this gap by focusing on users’ comprehension of password generation rules. Varying terms—special characters, symbols, non-alphanumeric characters, and punctuation—are used in different password rules, but mostly without explicit definition. In this laboratory study, we used character-selection and compliance-checking tasks with 60 participants to investigate effects of varying terms on users’ password rule comprehension. Results show that manipulating terminology caused participants’ interpretation of the allowed character space to shrink or expand. Our quantitative and qualitative data show that participants were extremely confused by the variety of terms for “special character.” Seemingly small changes in language have large, observable impacts on users’ understanding of password rules. Language in password requirements must be carefully constructed to ensure that users fully comprehend the allowable character space. This research is an important first step to providing data-driven guidance on constructing clearer language for password rules.
Although many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects the user experience during password rule comprehension, a necessary precursor to password generation. Our research begins to address this gap by focusing on users’...
See full abstract
Although many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects the user experience during password rule comprehension, a necessary precursor to password generation. Our research begins to address this gap by focusing on users’ comprehension of password generation rules. Varying terms—special characters, symbols, non-alphanumeric characters, and punctuation—are used in different password rules, but mostly without explicit definition. In this laboratory study, we used character-selection and compliance-checking tasks with 60 participants to investigate effects of varying terms on users’ password rule comprehension. Results show that manipulating terminology caused participants’ interpretation of the allowed character space to shrink or expand. Our quantitative and qualitative data show that participants were extremely confused by the variety of terms for “special character.” Seemingly small changes in language have large, observable impacts on users’ understanding of password rules. Language in password requirements must be carefully constructed to ensure that users fully comprehend the allowable character space. This research is an important first step to providing data-driven guidance on constructing clearer language for password rules.
Hide full abstract
Keywords
human factors; password language; password policies; password requirements; usability; usable security; user experience
Control Families
None selected