Abstract or Summary:
Despite passwords' long history and present ubiquity, the general population exhibits password habits that are widely regarded as poor. Reuse is rampant, and users consistently choose weak (i.e., easy to crack) passwords, which is especially dangerous in light of increasingly sophisticated attack methodologies and exponentially faster modern hardware.

This paper contributes the design and evaluation of novel techniques for nudging users to create stronger passwords through the use of waiting periods. Users who experienced voluntary or forced timeouts in the process of password creation chose stronger passwords. The improvements were found to match or exceed those from other techniques, such as strength meters and monetary incentives. Additionally, we find further evidence that time spent on password creation correlates with password strength.

PasswordResearch.com Note: This poster is expanded on in the paper Waiting Makes the Heart Grow Fonder and the Password Grow Stronger by Nathan Malkin