Seminar (Dept. of Management Science and Engineering)

Theme：Designing Password Manager Apps to Foster Secure Password Management Practices in End-Users: a Longitudinal Field Experiment

Speaker：Jun Zhang (Associate Professor of School of Management, University of Science and Technology of China)

Time：2021-06-09 10:30

Address：Tencent Meeting

Language：Chinese/English

Venue: Tencent Meeting https://meeting.tencent.com/s/UMoAzDXM9icA 

Meeting ID：324 165 619

Password：0609

ABSTRACT：

Because humans have limited memory and cognitive capacity, Internet users tend to adopt redundant, easy-to-remember passwords for their online accounts. Paradoxically, mobile password manager apps are widely available that can help users automatically generate, store, and retrieve their passwords; but many users resist using them in deference to continuing with their weak password habits. In this study, drawing upon theories of habit breaking and habit formation, we designed a set of interventions in a mobile password manager app to promote the use of complex, random, and unique passwords for users’ online accounts. With a self-developed password manager app, UXApp, we conducted a longitudinal field experiment to test the effectiveness of our proposed habit-breaking and habit-formation intervention designs. 910 password selection behaviors were observed from 91 unique users of UXApp. The results indicate that both just-in-time warning (as a habit-breaking feature) and visualized performance dashboard (as a habit-formation feature) can significantly improve users’ password management practices. In addition, just-in-time warning has an immediate treatment effect, which is relatively stable over time; in contrast, visualized performance dashboard has a non-immediate, accumulative treatment effect over time. We enrich the current password management research by investigating the longitudinal effects of habit-breaking and habit-formation interventions, and thus contribute to practice by improving Internet users’ password management practices.

SHORT BIOGRAPHY：

Jun Zhang is currently an associate professor in MIS at the Department of Management Science, School of Management, University of Science and Technology of China. He holds a Ph.D. in information systems from the City University of Hong Kong. His research areas include human-computer interactions, online deviant behaviors, information privacy and security, and IT-enabled health behavior change. His research has been published in leading IS journals and conferences such as Information Systems Research (ISR), Journal of Management Information Systems (JMIS), Information & Management (I&M), Computers in Human Behavior (CHB), ICIS, and PACIS. He is currently an associate editor for Communication of the Association for Information Systems (CAIS), and has served as (guest) associated editors for EJIS, ICIS, PACIS, ECIS, etc.