Improving passwords: influence of emotions on security behaviour

This paper aims to study the influence of emotions on security behaviour by reviewing Information Systems Security (ISS) topics in Information Systems (IS) literature. Researchers in ISS study how to motivate people to adhere to security policies; they mainly focus on cognitive models such as the technology acceptance model (Davis, 1985), innovation diffusion theory (Brancheau and Wetherbe, 1990), theory of planned behaviour (Mathieson, 1991) and social cognitive theory (Compeau and Higgins, 1995). Applying positive emotions such as joy and interest is feasible by adding emoticons and positive messages; we use this approach to improve password choosing.

We apply differential emotional theory (Izard 2002) from psychology to the context of ISS. Twenty-two participants took part in an experiment with the task of choosing strong but memorable passphrases. The dependent variable is the strength of the chosen passphrase. The task for the user is to come up with a passphrase that is both strong and memorable. We choose a between-subject design. The independent variable is the emotional interface that the user is confronted with.

We found that 5.35 words was the mean when participants were shown positive smiley faces and messages. When exposed to negative emoticons, the mean was only 4.35 words. Through ANOVA, we find the differences to be statistically significant (F1; 20 = 3.16; p < 0.1). We derive from the experiment that positive emotions should be used in ISS when making users start a habit (e.g. developing a new, individual password strategy), and we conclude from our literature review that negative emotions should be used when reinforcing a habit (e.g. taking care of shoulder surfing).

We contribute to practice by developing a user script that can be installed in all established Internet browsers. The script supports the user to choose a good passphrase strategy when registering for a new service. We find that trainings should not rely on facts only but must make use of emotions, which are crucial for human motivation.