Understanding and Improving User Adoption and Security Awareness in Password Checkup Services

Sanghak Oh; Heewon Baek; Jun Ho Huh; Taeyoung Kim; Woojin Jeon; Ian Oakley; Hyoungshick Kim

doi:10.1145/3706598.3713284

Understanding and Improving User Adoption and Security Awareness in Password Checkup Services

Sanghak Oh, Heewon Baek, Jun Ho Huh, Taeyoung Kim, Woojin Jeon, Ian Oakley, Hyoungshick Kim

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Password checkup services (PCS) identify compromised, reused, or weak passwords, helping users secure at-risk accounts. However, adoption rates are low. We investigated factors influencing PCS use and password change challenges via an online survey (n=238). Key adoption factors were "perceived usefulness,""ease of use,"and "self efficacy."We also identified barriers to changing compromised passwords, including alert fatigue, low perceived urgency, and reliance on other security measures. We then designed interfaces mitigating these issues through clearer messaging and automation (e.g., simultaneous password changes and direct links to change pages). A user study (N=50) showed our designs significantly improved password change success rates, reaching 40% and 74% in runtime alert and PCS checkup reporting scenarios, respectively (compared to 16% and 60% with a baseline).

Original language	English
Title of host publication	CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems
Publisher	Association for Computing Machinery
ISBN (Electronic)	9798400713941
DOIs	https://doi.org/10.1145/3706598.3713284
State	Published - 26 Apr 2025
Event	2025 CHI Conference on Human Factors in Computing Systems, CHI 2025 - Yokohama, Japan Duration: 26 Apr 2025 → 1 May 2025

Publication series

Name	Conference on Human Factors in Computing Systems - Proceedings

Conference

Conference	2025 CHI Conference on Human Factors in Computing Systems, CHI 2025
Country/Territory	Japan
City	Yokohama
Period	26/04/25 → 1/05/25

Keywords

Password Change
Password Checkup Service
Password Manager

Access to Document

10.1145/3706598.3713284

Cite this

Oh, S., Baek, H., Huh, J. H., Kim, T., Jeon, W., Oakley, I., & Kim, H. (2025). Understanding and Improving User Adoption and Security Awareness in Password Checkup Services. In CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems Article 386 (Conference on Human Factors in Computing Systems - Proceedings). Association for Computing Machinery. https://doi.org/10.1145/3706598.3713284

@inproceedings{28d90fb9edfd493f9860f0b306c4e252,

title = "Understanding and Improving User Adoption and Security Awareness in Password Checkup Services",

abstract = "Password checkup services (PCS) identify compromised, reused, or weak passwords, helping users secure at-risk accounts. However, adoption rates are low. We investigated factors influencing PCS use and password change challenges via an online survey (n=238). Key adoption factors were {"}perceived usefulness,{"}{"}ease of use,{"}and {"}self efficacy.{"}We also identified barriers to changing compromised passwords, including alert fatigue, low perceived urgency, and reliance on other security measures. We then designed interfaces mitigating these issues through clearer messaging and automation (e.g., simultaneous password changes and direct links to change pages). A user study (N=50) showed our designs significantly improved password change success rates, reaching 40\% and 74\% in runtime alert and PCS checkup reporting scenarios, respectively (compared to 16\% and 60\% with a baseline).",

keywords = "Password Change, Password Checkup Service, Password Manager",

author = "Sanghak Oh and Heewon Baek and Huh, \{Jun Ho\} and Taeyoung Kim and Woojin Jeon and Ian Oakley and Hyoungshick Kim",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; 2025 CHI Conference on Human Factors in Computing Systems, CHI 2025 ; Conference date: 26-04-2025 Through 01-05-2025",

year = "2025",

month = apr,

day = "26",

doi = "10.1145/3706598.3713284",

language = "English",

series = "Conference on Human Factors in Computing Systems - Proceedings",

publisher = "Association for Computing Machinery",

booktitle = "CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems",

}

Oh, S, Baek, H, Huh, JH, Kim, T, Jeon, W, Oakley, I & Kim, H 2025, Understanding and Improving User Adoption and Security Awareness in Password Checkup Services. in CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems., 386, Conference on Human Factors in Computing Systems - Proceedings, Association for Computing Machinery, 2025 CHI Conference on Human Factors in Computing Systems, CHI 2025, Yokohama, Japan, 26/04/25. https://doi.org/10.1145/3706598.3713284

Understanding and Improving User Adoption and Security Awareness in Password Checkup Services. / Oh, Sanghak; Baek, Heewon; Huh, Jun Ho et al.
CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery, 2025. 386 (Conference on Human Factors in Computing Systems - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Understanding and Improving User Adoption and Security Awareness in Password Checkup Services

AU - Oh, Sanghak

AU - Baek, Heewon

AU - Huh, Jun Ho

AU - Kim, Taeyoung

AU - Jeon, Woojin

AU - Oakley, Ian

AU - Kim, Hyoungshick

PY - 2025/4/26

Y1 - 2025/4/26

N2 - Password checkup services (PCS) identify compromised, reused, or weak passwords, helping users secure at-risk accounts. However, adoption rates are low. We investigated factors influencing PCS use and password change challenges via an online survey (n=238). Key adoption factors were "perceived usefulness,""ease of use,"and "self efficacy."We also identified barriers to changing compromised passwords, including alert fatigue, low perceived urgency, and reliance on other security measures. We then designed interfaces mitigating these issues through clearer messaging and automation (e.g., simultaneous password changes and direct links to change pages). A user study (N=50) showed our designs significantly improved password change success rates, reaching 40% and 74% in runtime alert and PCS checkup reporting scenarios, respectively (compared to 16% and 60% with a baseline).

AB - Password checkup services (PCS) identify compromised, reused, or weak passwords, helping users secure at-risk accounts. However, adoption rates are low. We investigated factors influencing PCS use and password change challenges via an online survey (n=238). Key adoption factors were "perceived usefulness,""ease of use,"and "self efficacy."We also identified barriers to changing compromised passwords, including alert fatigue, low perceived urgency, and reliance on other security measures. We then designed interfaces mitigating these issues through clearer messaging and automation (e.g., simultaneous password changes and direct links to change pages). A user study (N=50) showed our designs significantly improved password change success rates, reaching 40% and 74% in runtime alert and PCS checkup reporting scenarios, respectively (compared to 16% and 60% with a baseline).

KW - Password Change

KW - Password Checkup Service

KW - Password Manager

UR - https://www.scopus.com/pages/publications/105005713832

U2 - 10.1145/3706598.3713284

DO - 10.1145/3706598.3713284

M3 - Conference contribution

AN - SCOPUS:105005713832

T3 - Conference on Human Factors in Computing Systems - Proceedings

BT - CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems

PB - Association for Computing Machinery

T2 - 2025 CHI Conference on Human Factors in Computing Systems, CHI 2025

Y2 - 26 April 2025 through 1 May 2025

ER -

Oh S, Baek H, Huh JH, Kim T, Jeon W, Oakley I et al. Understanding and Improving User Adoption and Security Awareness in Password Checkup Services. In CHI 2025 - Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery. 2025. 386. (Conference on Human Factors in Computing Systems - Proceedings). doi: 10.1145/3706598.3713284

Understanding and Improving User Adoption and Security Awareness in Password Checkup Services

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this