Abstract or Summary:
Users of password-protected systems have to be persuaded to follow certain regulations to keep systems secure. This paper describes the results of a first study of the mental models, metaphors, attitudes and skills users hold with respect to password mechanisms. It shows that users are currently not motivated to adopt proper password practices. They do not believe that they ultimately can stop somebody from getting into the system, or that somebody getting in could cause them any serious personal harm. We recommend a novel approach to the design of training and online support, which is based on an appropriate use of fear appeals.