Towards designing effective security messages: Persuasive password guidelines

摘要

The current state of information security compliance in workplaces is deteriorating. In many cases human factors were attributed as the cause of the problem. Humans are well known as the weakest link in the security chain. Commonly, end-users will depend on security messages when confronted with security-related decision making. Most of the time, end-users will try their best to make sense of unclear instructions in order to cope with situations. This indicates the way security messages are presented is of utmost importance. However, research focusing on designing effective security messages is quite limited. This paper presents research in progress, towards designing effective security messages focusing on passwords guidelines. Our initial review indicated the lack of persuasive elements in the current password guidelines may lead to unmotivated behaviour of producing good (strong) passwords. This paper also includes initial results obtained from pilot study which reveal promising results supporting the usage of persuasion strategies to improve the current state information security compliance.