Nudging with construal level theory to improve online password use and intended password choice: A security-usability tradeoff perspective

摘要

Purpose The purpose of this paper is to focus on a potential tradeoff between security and usability in people's use of online passwords - in general, complex passwords are secure and desirable but difficult to use (i.e. difficult to memorize) whereas simple passwords are easy to use, but are insecure and undesirable. Construal level theory (CLT) explains how high vs low construal level causes people to focus on "desirability" vs "feasibility" of an action, which in the research context can translate into the "security" vs "usability" of using passwords. Design/methodology/approach The authors conducted a series of three laboratory experiments manipulating people's construal level and investigating its impact on password use. Findings The authors found that people who were induced to think at a high construal level created or showed intention to choose stronger passwords relative to people who were induced to think at a low construal level. Furthermore, this effect was also significantly different from the control group who did not receive any experimental treatment. In addition, the authors found that perspective taking targeted at the desirability of creating a strong password further strengthened the effect of a high construal level on intended password choice. Originality/value This research makes several contributions to existing literature on password security. First, this research offers CLT as a theoretical lens to explain an individual's thinking and behavior concerning online password use. Second, this research offers empirical evidence that a high construal level improves users' password use, a desirable feature for improved security. Third, this research contributes to the literature on how to apply nudging to influence human behavior toward more desirable, stronger, password use. Finally, our research identifies PT as a factor enhancing the positive effect of a high construal level on online users' password use.