Abstract
Previous research often reports that password-based security is frustrating, irritating or annoying, and as a result it often leads to weak password choices. We investigated the impact of empathy as a countermeasure to the anger-related states. We designed an online study with N = 194 participants. The experimental group received an empathic message while the control group did not. Participants presented with the empathic message created significantly stronger passwords than those who did not receive the message. Our finding differs from previous research because it shows participants creating stronger passwords with an empathic response to anger arousal. This antidote to frustrated states with regards to password choice provides an initial step towards more supportive and emotionally intelligent security designs.
Kovila P.L. Coopamootoo, Empathy as a Response to Frustration in Password Choice: Proceedings of AsiaUSEC’20, Financial Cryptography and Data Security 2020 (FC). February 14, 2020 Kota Kinabalu, Sabah, Malaysia Springer, 2020.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alomari, R., Thorpe, J.: On password behaviours and attitudes in different populations. J. Inf. Secur. Appl. 45, 79–89 (2019)
American Psychological Association (APA): Publication manual. American Psychological Association, 6th revised edn. (2009)
Amsel, A.: Frustration theory: many years later. Psychol. Bull. 112(3), 396 (1992)
Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: NDSS, pp. 23–26 (2014)
Baron-Cohen, S., Wheelwright, S.: The empathy quotient: an investigation of adults with asperger syndrome or high functioning autism, and normal sex differences. J. Autism Dev. Disorders 34(2), 163–175 (2004)
Baumeister, R., Bratslavsky, E., Muraven, E., Tice, D.: Ego depletion: is the active self a limited resource? Pers. Soc. Psychol. 74, 1252–1265 (1998)
Carver, C.S.: Cognitive interference and the structure of behavior. In: Cognitive Interference: Theories, Methods, and Findings, pp. 25–45 (1996)
Coopamootoo, K.P.L., Groß, T.: Evidence-based methods for privacy and identity management. In: Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C. (eds.) Privacy and Identity 2016. IAICT, vol. 498, pp. 105–121. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-55783-0_9
Coopamootoo, K.P.L., Groß, T.: Cyber security and privacy experiments: a design and reporting toolkit. In: Hansen, M., Kosta, E., Nai-Fovino, I., Fischer-Hübner, S. (eds.) Privacy and Identity 2017. IAICT, vol. 526, pp. 243–262. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92925-5_17
Cramer, H., Goddijn, J., Wielinga, B., Evers, V.: Effects of (in) accurate empathy and situational valence on attitudes towards robots. In: 2010 5th ACM/IEEE International Conference on Human-Robot Interaction (HRI), pp. 141–142. IEEE (2010)
De Carnavalet, X.D.C., Mannan, M., et al.: From very weak to very strong: analyzing password-strength meters. In: NDSS, vol. 14, pp. 23–26 (2014)
Fahl, S., Harbach, M., Acar, Y., Smith, M.: On the ecological validity of a password study. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, p. 13. ACM (2013)
Furnell, S., Thomson, K.L.: Recognising and addressing ‘security fatigue’. Comput. Fraud Secur. 2009(11), 7–11 (2009)
Gross, J.J., Thompson, R.A.: Emotion regulation: Conceptual foundations (2007)
Groß, T., Coopamootoo, K., Al-Jabri, A.: Effect of cognitive depletion on password choice. In: The LASER Workshop: Learning from Authoritative Security Experiment Results (LASER 2016), pp. 55–66. USENIX Association (2016)
Hara, K., Adams, A., Milland, K., Savage, S., Callison-Burch, C., Bigham, J.P.: A data-driven analysis of workers’ earnings on Amazon mechanical turk. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, p. 449. ACM (2018)
Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the 2009 Workshop on New Security Paradigms Workshop, pp. 133–144. ACM (2009)
Hone, K.: Empathic agents to reduce user frustration: the effects of varying agent characteristics. Interact. Comput. 18(2), 227–245 (2006)
Ickes, W.J.: Empathic Accuracy. Guilford Press, New York (1997)
Inc’, G.: Google mail account page, August 2019. https://accounts.google.com/
Inglesant, P.G., Sasse, M.A.: The true cost of unusable password policies: password use in the wild. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 383–392. ACM (2010)
Klein, J., Moon, Y., Picard, R.W.: This computer responds to user frustration: theory, design, and results. Interact. Comput. 14(2), 119–140 (2002)
Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595–2604. ACM (2011)
Lazarus, R.S., Folkman, S.: Stress. Appraisal, and Coping, p. 725 (1984)
Maxion, R.: Making experiments dependable. In: Jones, C.B., Lloyd, J.L. (eds.) Dependable and Historic Computing. LNCS, vol. 6875, pp. 344–357. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24541-1_26
Mayer, J.D., Gaschke, Y.N.: The experience and meta-experience of mood. J. Pers. Soc. Psychol. 55(1), 102 (1988)
Mazurek, M.L., et al.: Measuring password guessability for an entire university. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 173–186. ACM (2013)
Nwadike, U., Groß, T., Coopamootoo, K.P.L.: Evaluating users’ affect states: towards a study on privacy concerns. In: Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C. (eds.) Privacy and Identity 2016. IAICT, vol. 498, pp. 248–262. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-55783-0_17
Oatley, K., Duncan, E.: The experience of emotions in everyday life. Cogn. Emotion 8(4), 369–381 (1994)
Peisert, S., Bishop, M.: How to design computer security experiments. In: Futcher, L., Dodge, R. (eds.) WISE 2007. IAICT, vol. 237, pp. 141–148. Springer, New York (2007). https://doi.org/10.1007/978-0-387-73269-5_19
Picard, R.W.: Affective Computing. MIT Press, Cambridge (2000)
Shay, R., et al.: Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 2. ACM (2010)
Smith, A.: Cognitive empathy and emotional empathy in human behavior and evolution. Psychol. Rec. 56(1), 3–21 (2006)
Stanton, B., Theofanos, M.F., Prettyman, S.S., Furman, S.: Security fatigue. IT Prof. 18(5), 26–32 (2016)
Stueber, K.: Empathy. In: Zalta, E.N. (ed.) The Stanford Encyclopedia of Philosophy. Metaphysics Research Lab, Stanford University, fall 2019 edn. (2019)
Ur, B., et al.: Design and evaluation of a data-driven password meter. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 3775–3786. ACM (2017)
Watson, D., Clark, L.A., Tellegen, A.: Development and validation of brief measures of positive and negative affect: the PANAS scales. J. Pers. Soc. Psychol. 54(6), 1063 (1988)
Westermann, R., Spies, K., Stahl, G., Hesse, F.W.: Relative effectiveness and validity of mood induction procedures: a meta-analysis. Eur. J. Soc. Psychol. 26(4), 557–580 (1996)
Wheeler, D.L.: zxcvbn: Low-budget password strength estimation. In: Proceedings of USENIX Security (2016)
Wright, P., McCarthy, J.: Empathy and experience in HCI. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 637–646. ACM (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
8 Appendix
8 Appendix
1.1 8.1 Password Characteristics
1.2 8.2 Password ReUse Strategy
1.3 8.3 Empathy Quotient
We measured dispositional empathy via the Empathy Quotient (EQ) questionnaire [5]. The sample had a mean EQ of 40.361, \(sd=12.778\).
We do not observe a difference between conditions. However we observe a difference between gender, where women scored a higher dispositional empathy (mean \(= 42.305\), \(sd=12.637\)), EQ, than men (mean \(= 38.495\), \(sd=12.697\)). The difference was statistically significant with the independent samples t-test, with \(t(192)=2.094\), \(p=.038\), CI[.222, 7.399], effect size Hedges \(g=.300\), CI[.017, .583], which is between a small and medium effect.
We compare the mean EQ across the different levels of bmi_anger with an ANOVA. We find a significant difference in EQ across levels of reported anger, where participants with a low EQ expressed more anger, \(F(3, 190) = 6.28\), \(p < .000\). The boxplot in Fig. 2 depicts the decreasing mean EQ as bmi_anger increases from 1 to 4.
However, we did not find a correlation between EQ and receiving empathy through bmi_understood, bmi_received or bmi_cared-for.
1.4 8.4 Impact of Password Characteristics on Emotions
Password Strength Impacts Anger Reports Model Assumptions. There is no difference in the coefficients between models, with \(X^2(2) = 2.324\), \(p=.313\). This means that the proportional odds assumption is satisfied, that is the coefficients that describe the relationship between, the lowest versus all higher levels of bmi_anger are the same as those that describe the relationship between the next lowest level and all higher level. The model goodness of fit assumption was also satisfied via the Pearson Chi-Square statistic with \(X^2(443) = 471.605\), \(p=.168\).
Password Length Impacts Anger Reports. We compute an ordinal regression model, with bmi_anger as target variable and password length as predictor. The proportional odds assumption was satisfied with \(X^2(2) = 1.523\), \(p=.467\), and the model goodness of fit assumption was satisfied via the Pearson Chi-Square statistic with \(X^2(47) = 52.562\), \(p=.267\).
The model was statistically significant with \(X^2(194,1) = 7.323\), \(p=.007\). A one unit increase in password length was associated with a \(12\%\) increase in the odds of reporting a higher level of anger, Wald \(X^2(1) = 6.947\), \(p = .008\), odds ratio 1.12. The model has a correct classification rate of \(63.4\%\). However, The proportion of variance in anger level explained by password strength is quite small with pseudo \(R^2 = 2.0\%\) (McFadden), \(3.7\%\) (Cox & Snell) and \(4.4\%\) (Nagelkerke).
Password Components Impact Anger Reports. We compute an ordinal regression model, with bmi_anger as target variable and the number of digits, lowercase letters, uppercase letters and symbols as predictors. The proportional odds assumption was satisfied with \(X^2(8) = 3.478\), \(p=.901\), and the model goodness of fit assumption was satisfied via the Pearson Chi-Square statistic with \(X^2(425) = 467.062\), \(p=.078\).
The model was statistically significant with \(X^2(198,4) = 12.838\), \(p=.012\). A one unit increase in number of digits was associated with a \(31\%\) increase in the odds of reporting a higher level of anger, Wald \(X^2(1) = 7.454\), \(p = .006\), odds ratio 1.31. A one unit increase in number of lowercase letters was associated with an \(14\%\) increase in the odds of reporting a higher level of anger, Wald \(X^2(1) = 8.317\), \(p = .004\), odds ratio 1.14. The model has a correct classification rate of \(64.4\%\). However, The proportion of variance in anger level explained by password strength is quite small with pseudo \(R^2 = 3.5 \%\) (McFadden), \(6.4 \%\) (Cox & Snell) and \(7.5\%\) (Nagelkerke).
Password Strength Impacts Reports of Excitement. We compute an ordinal regression model, with bmi_excitement as target variable and password strength as predictor. The proportional odds assumption was satisfied with \(X^2(3) = 1.871\), \(p=.600\), and the model goodness of fit assumption was satisfied via the Pearson Chi-Square statistic with \(X^2(591) = 594.171\), \(p=.456\).
The model was statistically significant with \(X^2(194,1) = 4.086\), \(p=.043\). A one unit increase in password length was associated with a \(9\%\) decrease in the odds of reporting a higher level of excitement, Wald \(X^2(1) = 4.000\), \(p = .045\), odds ratio .910. However, The proportion of variance in excitement level explained by password strength is quite small with pseudo \(R^2 = .07\%\) (McFadden), \(2.1\%\) (Cox & Snell) and \(2.2\%\) (Nagelkerke).
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Coopamootoo, K.P.L. (2020). Empathy as a Response to Frustration in Password Choice. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-54455-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-54454-6
Online ISBN: 978-3-030-54455-3
eBook Packages: Computer ScienceComputer Science (R0)