Nudging Users to Change Breached Passwords Using the Protection Motivation Theory

Yixin Zou, Khue Le, Peter Mayer, Alessandro Acquisti, Adam J. Aviv, Florian Schaub

TL;DR

This work applies Protection Motivation Theory (PMT) to breach notifications to study how threat and coping appeals influence password-change intentions and actions. Using a real-world, ecologically valid design based on Have I Been Pwned breaches, the authors compare threat-only, coping-only, both, and control conditions in a large online experiment ($n=1{,}386$). Results show threat appeals increase intention while combining threat and coping appeals enhances actual password changes, albeit with small effects; perceptions of threat and coping, user security attitudes, and breach recency further shape outcomes. The findings illuminate PMT’s value for designing compromised credential notifications but also reveal practical and contextual barriers—such as account inactivity and password-ecosystem issues—that limit motivation and behavior, pointing to layered messaging, data-flow transparency, and personalized guidance as practical directions for real-world deployments.

Abstract

We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our online experiment ($n=1{,}386$) compared the effectiveness of a threat appeal (highlighting negative consequences of breached passwords) and a coping appeal (providing instructions on how to change the breached password) in a 2x2 factorial design. Compared to the control condition, participants receiving the threat appeal were more likely to intend to change their passwords, and participants receiving both appeals were more likely to end up changing their passwords; both comparisons have a small effect size. Participants' password change behaviors are further associated with other factors such as their security attitudes (SA-6) and time passed since the breach, suggesting that PMT-based nudges are useful but insufficient to fully motivate users to change their passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.

Paper Structure (72 sections, 5 figures, 8 tables)

Figures (5)

  • Figure 1: The threat appeal we used in our study.
  • Figure 3: An overview of our experiment's procedure.
  • Figure 4: Example breach information shown to participants.
  • Figure 5: Company name and frequency of the breaches featured in our study (bubble size proportionate to each breach's frequency).
  • Figure 6: How often each data type got leaked among the 127 breaches in our sample, excluding email addresses and passwords (appearing in all breaches). Eliminated 26 other types occurring twice or fewer.