Cybersecurity

Researchers developing tools to encourage users to change passwords

Researchers from the University of Bath and Goldsmiths investigate whether a device that plugs in to a PC and signals to a user to change their password could help improve cybersecurity.
By Gregory Hale June 20, 2019
Researchers at the University of Bath are looking to see if a simple device can encourage people to make a behavioral change to protect their data and privacy. Courtesy: University of Bath/ISSSource

People routinely put off, ignore or forget cybersecurity measures such as changing passwords, updating privacy settings and locking computer screens. And traditional cybersecurity training is failing to galvanize people to act on straightforward security measures.

Technology used in exercise and lifestyle apps, however, may hold the key to answering how to get people to change the same password they have been using for years. Taking inspiration from exercise and fitness apps that successfully nudge people to make behavioral change, researchers from the University of Bath and Goldsmiths, University of London are investigating whether a simple device that plugs in to a PC and signals when action is needed with gentle sound, lights or vibration could make the difference.

Over the last five years, the cost of cyberattacks is reported to have risen by 67%, with the majority of these data breaches being traced back to human error. It is anticipated 75% of UK companies plan to address human factors in cyberattacks in the next three years in an attempt to mitigate this.

“Humans are the weak link in cybersecurity,” said Dr. Emily Collins, research associate at the University of Bath’s School of Management. “We know that people feel overloaded with data breaches reported in the news and overwhelmed about what they should be doing to protect themselves. Many of us know we’re not on top of security, but translating that nagging worry into positive action just isn’t happening. It’s leaving us all open to serious security threats.”

The researchers hope the project, with funding from the Home Office via the National Cyber Security Programme, will help to build better habits through a subtle desktop reminder designed to gently nudge people into action without it becoming an annoyance or distraction.

“Work-based training on cybersecurity is generally very conventional, often just delivered as a one-off when people join an organization,” Collins said. “There’s scope to learn from health psychology to pinpoint what motivates people to take action to protect their cybersecurity. Our project recognizes that people can respond to a gentle, well-timed nudge and is investigating the most effective way of doing that.”

The project uses Adafruit Circuit Playgrounds, which can be programmed to detect when people leave their desks for example and remind them to lock their screen through a sequence of lights, sounds or vibrations.

The research team will create a working prototype with open-source code to be available to businesses later in the year. It could be tailored for home use in the future.

“The Adafruit Circuit Playgrounds are a fantastic opportunity to do some rapid prototyping with participants,” said Dr. Sarah Wiseman, lecturer in computer science at Goldsmiths, University of London. “The inbuilt functionality on the boards means that you don’t need much experience with electronics to take a concept from idea to reality.”

This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.


Gregory Hale
Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector.