Choosing strong passwords and user motivation

One of the main reasons for passwords being hacked is because of users choosing weak passwords. Motivation is one of the key driving forces when doing something, which also applies when choosing good passwords. Unless your account login has been hacked before, users have little motivation whatsoever for creating good passwords. (The average user overestimates the strength of his password and underestimates the ingenuity of the hacker). Of-course the user is not to blame. Creating a strong password is hard work; you need to balance the complexity of the password with memorability. Choose a strong password and the chances are high that you will tend to forget it if you do not use it on a regular basis.

Many security conscious sites now provide a password strength indicator (Fig 1.); preventing users from registering unless they select a strong enough password. I recently used this method when creating a secure site for a client with good results.

Figure 1.

One other method I recently found is that of ‘naked passwords‘. While creating passwords, the beautiful model in the input box tastefully removes items of clothing as the password grows stronger (Fig 2). Of-course you can alter the images if they are too sensitive for your users tastes, but then you lose the motivational factor.

Figure 2.

With all the different methods I have seen around the web, this particular one takes the cake, at-least for its motivational (and fun) factor. But all said and done, I’d prefer to use the password strength meter (Fig 1.) than the above method. Using this (Fig 2) on a public site will be a sure recipe for disaster as it borders on the obscene and gender discrimination; but now we are entering into philosophical territory, which however interesting to peruse, is not the point of this post. If I plan to use this I’ll surely change the images to something interesting which can be used publicly.

One thought to “Choosing strong passwords and user motivation”

Leave a Reply

Your email address will not be published.