Do extroverts create stronger passwords?

Abstract

We investigate the relationship between personality types and the strength of created and selected passwords. For this purpose, we conducted an experiment on Amazon’s Mechanical Turk, with 510 participants. Participants were given a pre-questionnaire that included, among others, three binary questions: “Password Awareness”, “Security Training” and “Account Hijacking”, which were used to predict participants’ exposure to passwords in the past. Our results suggest that participants with higher levels of Extroversion, tend to create stronger passwords, if they were not required to change an online account password in the past (e.g., due to a security incident). In contrast, participants with lower levels of Extroversion tend to create stronger passwords (though not significantly), if they had been required to change an online account password in the past. These results indicate that there is a distinct relationship between the Extroversion personality dimension and the way we create passwords, whether it be in a familiar situation or not. Though password strength, as investigated, is the criterion of the aforementioned tests, it is worth mentioning that Extroversion cannot be deemed a predictor in this domain. We also investigated the relationship between personality and several password characteristics such as the total length, letters, digits, and symbols used within a password. To this end, we note that for participants who have had to change an online account password for the first time, Extroversion was directly correlated with creating and selecting shorter passwords, Openness was directly correlated with creating passwords containing fewer letters, but more numbers and symbols, and Conscientiousness was directly correlated with creating passwords containing fewer symbols. These results conclude that there is a distinct correlation between the construction of passwords and personality when participants are required to change an online account password for the first time. This thesis presents the detailed observations and findings from our experiment, discuss potential considerations for contradictions, and identify related future research.