Users tend to form their own mental models of good passwords regardless of any instructions provided. They also tend to favour memorability over security. In our study comparing two mnemonic phrase-based password schemes, we found a surprising number of participants misused both schemes. Intentional or not, they misused the system such that their task of password creation and memorization became easier. Thus, we believe that instead of better instructions or password schemes, a new approach is required to convince users to create more secure passwords. One possibility may lie in employing Persuasive Technology.
SOUPS 2007: 3rd Symposium On Usable Privacy and Security
School of Computer Science

Forget, A. (Alain), Chiasson, S, & Biddle, R. (2007). Helping users create better passwords: Is this the right approach?. Presented at the SOUPS 2007: 3rd Symposium On Usable Privacy and Security. doi:10.1145/1280680.1280703