Abstract
Literature often reports users’ experience of frustration, irritation [52], annoyance [42] with respect to security. With regards to password choice, annoyance due to complexity has been linked with weaker passwords [42].
We investigate the influence of incidental anger versus neutral emotion stimulus on password choice.
We design a between-subject controlled lab experiment with N = 56 participants, with a GMail registration scenario. We employ standard video clips as mood induction protocol [59]. We measure password strength via zxcvbn and emotion via IBM’s Tone Analyzer and PANAS-X.
We find that participants in the anger stimulus condition created significantly weaker passwords than those in the neutral stimulus condition, t(54) = 2.901, p = .005, with a near large effect size, g = .77.
This study provides the empirical evidence of the effect of incidental anger emotion on password choice. Our findings are consequential for security because they suggest that if users feel frustration (which may arise from various sources including requirements for security compliance, human-computer interaction design, or any incidental life situation), the impact is likely a weaker security choice, that is, a risk-seeking rather than a risk-avoiding choice.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999)
Alomari, R., Thorpe, J.: On password behaviours and attitudes in different populations. J. Inf. Secur. Appl. 45, 79–89 (2019)
American Psychological Association (APA): Publication manual, 6th revised edn. American Psychological Association (2009)
Averill, J.R.: Studies on anger and aggression: implications for theories of emotion. Am. Psychol. 38(11), 1145 (1983)
Averill, J.R.: Anger and Aggression: An Essay on Emotion. Springer, New York (2012). https://doi.org/10.1007/978-1-4612-5743-1
Beedie, C., Terry, P., Lane, A.: Distinctions between emotion and mood. Cognit. Emotion 19(6), 847–878 (2005)
Berkowitz, L., Harmon-Jones, E.: Toward an understanding of the determinants of anger. Emotion 4(2), 107 (2004)
Coan, J.A., Allen, J.J.: Handbook of emotion elicitation and assessment. Oxford University Press, Oxford (2007)
Coopamootoo, K.P.: Work in progress: Fearful users’ privacy intentions: an empirical investigation. In: Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust, pp. 82–89. ACM (2018)
Coopamootoo, K.P.L., Groß, T.: Mental models for usable privacy: a position paper. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 410–421. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07620-1_36
Coopamootoo, K.P.L., Groß, T.: Evidence-based methods for privacy and identity management. In: Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C. (eds.) Privacy and Identity 2016. IAICT, vol. 498, pp. 105–121. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-55783-0_9
Coopamootoo, K.P.L., Groß, T.: Cyber Security and Privacy Experiments: A Design and Reporting Toolkit. In: Hansen, M., Kosta, E., Nai-Fovino, I., Fischer-Hübner, S. (eds.) Privacy and Identity 2017. IAICT, vol. 526, pp. 243–262. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92925-5_17
Coopamootoo, K.P., Groß, T.: Why privacy is all but forgotten - an empirical study of privacy and sharing attitude. Proc. Priv. Enhancing Technol. 4, 39–60 (2017)
Coopamootoo, K.P., Groß, T., Pratama, M.: An empirical investigation of security fatigue - the case of password choice after solving a captcha. In: The LASER Workshop: Learning from Authoritative Security Experiment Results (LASER 2017). USENIX Association (2017)
Dunn, J.R., Schweitzer, M.E.: Feeling and believing: the influence of emotion on trust. J. Pers. Soc. Psychol. 88(5), 736 (2005)
Fahl, S., Harbach, M., Acar, Y., Smith, M.: On the ecological validity of a password study. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, p. 13. ACM (2013)
Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th international conference on World Wide Web, pp. 657–666. ACM (2007)
Florêncio, D., Herley, C., Van Oorschot, P.C.: Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts. In: Usenix Security, pp. 575–590 (2014)
Fordyce, T., Green, S., Groß, T.: Investigation of the effect of fear and stress on password choice. In: Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust, pp. 3–15. ACM (2018)
Frijda, N.H.: The Laws of Emotion. Psychology Press, London (2017)
Furnell, S., Thomson, K.L.: Recognising and addressing ‘security fatigue’. Comput. Fraud Secur. 2009(11), 7–11 (2009)
Gaw, S., Felten, E.W.: Password management strategies for online accounts. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 44–55. ACM (2006)
Gross, J.J., Levenson, R.W.: Emotion elicitation using films. Cogniti. emotion 9(1), 87–108 (1995)
Groß, T., Coopamootoo, K., Al-Jabri, A.: Effect of cognitive depletion on password choice. In: The LASER Workshop: Learning from Authoritative Security Experiment Results (LASER 2016), pp. 55–66. USENIX Association (2016)
Grunberg, N.E., Straub, R.O.: The role of gender and taste class in the effects of stress on eating. Health Psychol. 11(2), 97 (1992)
Han, S., Lerner, J.S., Keltner, D.: Feelings and consumer decision making: the appraisal-tendency framework. J. Consum. Psychol. 17(3), 158–168 (2007)
Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the 2009 Workshop on New Security Paradigms Workshop, pp. 133–144. ACM (2009)
Hewig, J., Hagemann, D., Seifert, J., Gollwitzer, M., Naumann, E., Bartussek, D.: A revised film set for the induction of basic emotions. Cogn. Emot. 19(7), 1095 (2005)
Hoonakker, P., Bornoe, N., Carayon, P.: Password authentication from a human factors perspective. In: Proc. Human Factors and Ergonomics Society Annual Meeting, vol. 53, pp. 459–463. SAGE Publications (2009)
Inglesant, P.G., Sasse, M.A.: The true cost of unusable password policies: password use in the wild. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 383–392. ACM (2010)
Jallais, C., Gilet, A.L.: Inducing changes in arousal and valence: comparison of two mood induction procedures. Behav. Res. methods 42(1), 318–325 (2010)
Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595–2604. ACM (2011)
Lerner, J.S., Gonzalez, R.M., Small, D.A., Fischhoff, B.: Effects of fear and anger on perceived risks of terrorism: a national field experiment. Psychol. Sci. 14(2), 144–150 (2003)
Lerner, J.S., Keltner, D.: Beyond valence: toward a model of emotion-specific influences on judgement and choice. Cognit. Emotion 14(4), 473–493 (2000)
Lerner, J.S., Keltner, D.: Fear, anger, and risk. J. Pers. Soc. Psychol. 81(1), 146 (2001)
Lerner, J.S., Small, D.A., Loewenstein, G.: Heart strings and purse strings: carryover effects of emotions on economic decisions. Psychol. Sci. 15(5), 337–341 (2004)
Lerner, J., Keltner, D.: How much risk can you handle? testing the appraisal tendency hypothesis with fearful, angry, and happy people. Manuscript submitted for publication (1999)
Loewenstein, G., Lerner, J.S.: The role of affect in decision making. In: Handbook of Affective Science, vol. 619, no. 642, p. 3 (2003)
Manucia, G.K., Baumann, D.J., Cialdini, R.B.: Mood influences on helping: direct effects or side effects? J. Pers. Soc. Psychol. 46(2), 357 (1984)
Martin, M.: On the induction of mood. Clin. Psychol. Rev. 10(6), 669–697 (1990)
Maxion, R.: Making experiments dependable. Dependable and Historic Computing, pp. 344–357 (2011)
Mazurek, M.L., et al.: Measuring password guessability for an entire university. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 173–186. ACM (2013)
Peisert, S., Bishop, M.: How to design computer security experiments. In: Futcher, L., Dodge, R. (eds.) WISE 2007. IAICT, vol. 237, pp. 141–148. Springer, New York (2007). https://doi.org/10.1007/978-0-387-73269-5_19
Peters, E., Vastfjall, D., Garling, T., Slovic, P.: Affect and decision making: a “hot” topic. J. Behav. Decis. Making 19(2), 79 (2006)
Ray, R.D.: Emotion elicitation using films. In: Handbook of Emotion Elicitation and Assessment, pp. 9–28 (2007)
Schwarz, N.: Feelings as Information: Informational and Motivational Functions of Affective States. Guilford Press, New York (1990)
Schwarz, N.: Emotion, cognition, and decision making. Cogn. Emotion 14(4), 433–440 (2000)
Schwarz, N., Clore, G.L.: Mood, misattribution, and judgments of well-being: informative and directive functions of affective states. J. Pers. Soc. Psychol. 45(3), 513 (1983)
Shay, R., et al.: Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 2. ACM (2010)
Shen, C., Yu, T., Xu, H., Yang, G., Guan, X.: User practice in password security: an empirical study of real-life passwords in the wild. Comput. Secur. 61, 130–141 (2016)
Stajano, F.: Pico: no more passwords!. In: Christianson, B., Crispo, B., Malcolm, J., Stajano, F. (eds.) Security Protocols 2011. LNCS, vol. 7114, pp. 49–81. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25867-1_6
Stanton, B., Theofanos, M.F., Prettyman, S.S., Furman, S.: Security fatigue. IT Professional 18(5), 26–32 (2016)
Tice, D.M., Bratslavsky, E., Baumeister, R.F.: Emotional distress regulation takes precedence over impulse control: if you feel bad, do it!. J. Pers. Soc. Psychol. 80(1), 53 (2001)
Verduyn, P., Delaveau, P., Rotgé, J.Y., Fossati, P., Van Mechelen, I.: Determinants of emotion duration and underlying psychological and neural mechanisms. Emot. Rev. 7(4), 330–335 (2015)
Verduyn, P., Delvaux, E., Van Coillie, H., Tuerlinckx, F., Van Mechelen, I.: Predicting the duration of emotional experience: two experience sampling studies. Emotion 9(1), 83 (2009)
Viechtbauer, W., et al.: Conducting meta-analyses in R with the metafor package. J. Stat. Softw. 36(3), 1–48 (2010)
Vohs, K.D., Baumeister, R.F., Loewenstein, G.: Do Emotions Help or Hurt Decisionmaking?: A Hedgefoxian Perspective. Russell Sage Foundation (2007)
Watson, D., Clark, L.A., Tellegen, A.: Development and validation of brief measures of positive and negative affect: the panas scales. J. Pers. Soc. Psychol. 54(6), 1063 (1988)
Westermann, R., Spies, K., Stahl, G., Hesse, F.W.: Relative effectiveness and validity of mood induction procedures: a meta-analysis. Eur. J. Soc. Psychol. 26(4), 557–580 (1996)
Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: Proceedings USENIX Security (2016)
Witte, K.: Putting the fear back into fear appeals: the extended parallel process model. Commun. Monogr. 59(4), 329–349 (1992)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Khan, L., Coopamootoo, K.P.L., Ng, M. (2020). Not Annoying the User for Better Password Choice: Effect of Incidental Anger Emotion on Password Choice. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-50309-3_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50308-6
Online ISBN: 978-3-030-50309-3
eBook Packages: Computer ScienceComputer Science (R0)