If you’ve ever been nagged about the weakness of your password while changing account credentials on Google, Facebook, or any number of other sites, you may have wondered: do these things actually make people choose stronger passcodes? A team of scientists has concluded that the meters do work—or at least they have the potential to do so, assuming they’re set up correctly.
The researchers—from the University of California at Berkeley, the University of British Columbia in Vancouver, and Microsoft—are among the first to test the effect that the ubiquitous password meters have on real users choosing passwords.
They found that meters grading the strength of passwords had a measurable impact in helping users pick stronger passcodes that weren’t used on other accounts. But the group also discovered these new, stronger passwords weren’t any harder for users to remember than weaker ones.
The scientists were quick to point out caveats to their findings.
For one, the meters provided little benefit when users were choosing passwords while setting up a new account, as opposed to changing passwords for an already established account.
And the meters provided no improvement for accounts people considered unimportant.