Actu
New Technique to Improve Password Security
September 2024 by American Friends of the Hebrew University & Hebrew University of Jerusalem
Internet passwords and security updates often appear at inopportune times and are thus ignored, leading Hebrew University of Jerusalem and U.C. Berkeley researchers to devise a new simple and effective approach that could significantly improve cybersecurity behavior.
© Lim Yong Hian
According to a new study led by Prof. Eyal Pe’er from the Hebrew University Federmann School of Public Policy and published in ACM Transactions on Computer-Human Interaction, allowing internet users the choice to delay important security tasks, with a promise to complete them later, increases the likelihood that they will actually do the update.
"Security tasks often interrupt users at inconvenient times, leading to procrastination or outright neglect," says Prof. Pe’er. "Our research shows that by allowing users to delay these and commit to completing them later, we can significantly increase the rate at which users complete critical security actions. This approach offers a practical behavioral solution to a common problem in online security."
The series of online experiments focused on understanding how these “nudges” could affect users’ willingness to change a compromised password. The study found that participants who made a promise to change their password later or requested a reminder were much more likely to follow through on their commitment. The effect was further enhanced when participants were reminded of their previous commitment, leading to a net positive impact on cybersecurity behavior.
More than 80% of computer breaches are related to stolen, weak, or reused passwords. In 2022 alone, over 24 billion passwords were exposed by hackers.
The implications of this study are far-reaching, offering an effective strategy to improve cybersecurity compliance among internet users. By incorporating delay options and commitment nudges into security protocols, online platforms, and services can better protect their users from potential security threats.
The research paper titled “Protect Me Tomorrow”: Commitment Nudges to Remedy Compromised Passwords” is now available at ACM Journals and can be accessed at https://doi.org/10.1145/3689038.
The study was funded with a grant from the National Science Foundation (NSF) and the US-Israel Binational Science Foundation (BSF).
Researchers:
Eyal Pe’er1, Alisa Frik2, Conor Gilsenan3, Serge Egelman2,3
Institution:
1. The Federmann School of Public Policy, Hebrew University of Jerusalem, Jerusalem, Israel
2. International Computer Science Institute, Berkeley, USA
3. University of California, Berkeley, USA
About the Hebrew University of Jerusalem
The Hebrew University of Jerusalem is Israel’s premier academic and research institution. Serving over 23,000 students from 90 countries, the University produces nearly 40% of Israel’s civilian scientific research and has received over 11,000 patents. Faculty and alumni of the Hebrew University have won eight Nobel Prizes, two Turing Awards, and a Fields Medal. For more information about the Hebrew University, please visit http://new.huji.ac.il/en.
About American Friends of the Hebrew University
American Friends of the Hebrew University (AFHU) is a national, not-for-profit organization based in the United States. AFHU is headquartered in New York and has seven regional offices working in close partnership with the Hebrew University of Jerusalem. AFHU provides supporters, Hebrew University alumni, and the public with stimulating programs and events and organizes missions to Israel. The organization’s activities support scholarly and scientific achievement at HU, create scholarships, fund new facilities, and assist the University’s efforts to recruit outstanding new faculty. For more information, please visit http://www.afhu.org.
