PiXi: Password Inspiration by Exploring Information
Shengqian Wang, Amirali Salehi-Abari, Julie Thorpe
TL;DR
PiXi tackles the challenge of creating secure yet memorable passwords by prompting users to explore unusual information just before password creation, thereby nudging them away from habitual patterns. The approach combines six nudges across Facilitate, Reinforce, and Confront within a three-category exploration flow (Images, Books, Movies), plus an optional PiXi-Hints extension to assist login recall. In a two-session MTurk study with 238 participants, passwords created with PiXi were longer and more resistant to guessing than those from a control, with higher zxcvbn scores and improved offline-attack resilience under PiXi-Hints. The work demonstrates that curated, information-centric nudges can meaningfully improve password security while maintaining user-perceived usability, and suggests avenues for broader category coverage and long-term memorability assessment.
Abstract
Passwords, a first line of defense against unauthorized access, must be secure and memorable. However, people often struggle to create secure passwords they can recall. To address this problem, we design Password inspiration by eXploring information (PiXi), a novel approach to nudge users towards creating secure passwords. PiXi is the first of its kind that employs a password creation nudge to support users in the task of generating a unique secure password themselves. PiXi prompts users to explore unusual information right before creating a password, to shake them out of their typical habits and thought processes, and to inspire them to create unique (and therefore stronger) passwords. PiXi's design aims to create an engaging, interactive, and effective nudge to improve secure password creation. We conducted a user study ($N=238$) to compare the efficacy of PiXi to typical password creation. Our findings indicate that PiXi's nudges do influence users' password choices such that passwords are significantly longer and more secure (less predictable and guessable).
