Introduction
In modern society, the use of online services has become essential for daily life. A diversity of data such as personal information, financial information, and communication has been exchanged in the digital online spaces. In this situation, password- based verification still continues to be used as the most common for security ways. People who provide services work to promote security by using advanced technologies such as hashing, salting, and two- phase verification [1]. However, even with the development of security technologies, users still manage their security vulnerabilities. Although internet security recommends using complex and unique passwords for all users, many users continue to use the same or similar password or simple password for easy memory.
Such behaviour is not only because of laziness or lack of awareness, but also is shaped by the balance between demands and convenience in daily life. In today’s world, where the number of online accounts continues to grow, users often need to manage lots of passwords, creating a burden that goes beyond the limits of human memory. As a result, a gap between recommended password management and actual user behavior develops [1]. This gap is aimed at password reuse attacks, resulting in constant incidents.
Although many researchers have studied users’ password behaviours from various perspectives, such as password analysis using leaked datasets and observing password creation behaviours, these studies do not completely explain the reasons and background why users choose simple passwords, even if they can set complex and unique passwords by themselves [2]. Therefore, this paper focuses on the psychological reasons behind users’ behavior based on some questions such as “why do they continue to use weak passwords despite the secure verification technologies?”
Human Factors to Use Weaker Password
Recently, service providers such as companies or government have introduced advanced information security technologies. However, the problems remain that users’ password has not completely improved. For example, many people continue to set simple, easily understood passwords, for instance, “123456” and “password”. In addition, there are some cases of reusing passwords leaked in the past across different services or accounts.
However, why do many users continue to use weak passwords even though there is widespread awareness of the need for secure passwords? This behavioural background is likely to come from not only people’s laziness, but also human psychological factors [3]. In modern society, users must manage a large number of digital accounts, and setting strong, unique passwords for each account has significantly increased the stress on memory [4]. As a result, users tend to use more memorable passwords, choosing short, simple passwords or reusing passwords [4]. In addition, users often evaluate the risk levels based on account type, setting strong passwords for money- based apps like banking while using weak passwords for social media [5] [6].
Moreover, research also shows that individual personality influences password behavior [7]. For example, people whose memory ability is weaker tend to choose easier and easier to remember weaker passwords, while those who enjoy thinking and memory ability is higher, tend to create stronger passwords. In conclusion, the continuous use of weak passwords come not only from insufficient technological development, but also from human behavior and psychology. Therefore, only advances in security technology cannot prevent attacks on the internet. What is needed in the future is to understand users’ psychology and behavioral patterns, and improve security education and support methods.
Toward Practical Password Practices for Everyday Digital Life
To improve password security behaviours, simply recommending complex passwords is not enough for users. As researchers show, the priority that users’ selection of weak passwords comes from various behavioral personalities, for example, psychological factors that prioritize memory burden and convenience. Therefore, password education and security design require an approach that understands user behavior and psychology, aiming to improve security in realistic and lower stress ways.
First, promoting information education plays an important role in promoting the appropriate setting and management of passwords. Education toward password management has already been demonstrated in Integrated Studies, junior high school technology classes, and the high school subject Information [8] [9]. It has been expected that learning at these school levels will help establish the habit of setting highly safe passwords. Evaluating students’ password creation and management skills before high school graduation is especially valuable for evaluating the effectiveness of the current curriculum and improving educational content. Furthermore, since research shows that it is necessary to consider that approaches should support learners who feel significant anxiety about their memory abilities.
In addition, considering the high population rate of smartphones and tablets among younger generations, password education should be suited to device usage patterns. Smartphone keyboards have fewer keys and are smaller in size than PCs [10]. Moreover, switching layouts is required for symbol input, making the input burden greater than on PCs [10]. According to this situation, rather than mechanically applying traditional guidance focusing diverse character types, it is necessary to explore instructions matched to the smartphone environment.
Considerations
This essay studied how psychological factors significantly influence users’ continuous use of weak passwords, rather than being only by laziness or lack of knowledge. It was especially clear that the increasing burden of managing online accounts, risk assessments based on account type, and individual differences in memory and characteristics. Therefore, rather than simply making them with weak password use as irrational, it should be understood as a rational decision by users making balance between the demands of daily life with workloads.
In addition, traditional approaches that improve password security have relied on guidance such as recommending complex, long passwords and using a variety of character types. However, these types of recommendations have been shown to increase the burden of memorization, and encourage password reuse. Therefore, password education and security design require low stress support that considers users’ behavioral personality and psychology.
In conclusion, improving password security requires not only technological advancements but also support that matches users’ psychology, and current their environments. By exploring security promoting measures based on an understanding of user behavior from three perspectives such as education, design, and support. We can expect the establishment of a more sustainable password management culture.
References
[1] E. Stobert and R. Biddle. “The password life cycle: User behaviour in managing passwords”. Carleton University Ottawa, Canada, p. 243, soups14-paper-stobert.pdf, accessed on 2025/ 12/ 8
[2] A. Hanamsagar, S. Woo, C. Kanich and J. Mirkovic, “How Users Choose and Reuse Passwords” USA, 2018, p. 218, isi-tr-715.pdf, accessed on 2025/ 12/ 8
[3] S. M. Kennison and D. E. Chan-Tin, “Personality and cognitive factors in password security behaviors” Microsoft Word – AJP_Passwordmemory.doc. Accessed on 2025/ 12/ 8
[4] Pilar, D. R. Jaeger, A., Gomes, C. F., & Stein, L. M. (2012) “Passwords usage and human memory limitations: A survey across age and educational background” https://doi.org/10.1371/journal.pone.0051067. Accessed on 2025/ 12/ 9
[5] Vu, K. P. L., Proctor, R. W. Bhargav-Spantzel, A. Tai, B. L. B., Cook, J. and Schultz, E. E. 2007, “Improving password security and memorability to protect personal and organizational information” International Journal of Human-Computer Studies, https://doi.org/10.1016/ j.ijhcs. accessed on 2025/ 12/ 9
[6] Woods, N. and Siponen, M. 2018, “Too many passwords? How understanding our memory can increase password memorability” International Journal of Human-Computer Studies, https://doi.org/10.1016/j.ijhcs. accessed on 2025/ 12/ 9
[7] Kennison, S. M. Jones, I. T. Spooner, V. H. and Chan-Tin, D. E. 2021, “Who creates strong passwords when nudging fails?” Computers in Human Behavior Reports. https://doi.org/10.1016/j.chbr. accessed on 2025/ 12/ 9
[8] 文部科学省:教育の情報化に関する手引.(2010)
http://www.mext.go.jp/a_menu/shotou/zyouhou/1259413.htm. Accessed on 2025/ 12/ 9
[9] 文部科学省:高等学校学習指導要領解説 情報編.(2010) http://www.mext.go.jp/component/a_menu/education/micro_detail/__icsFiles/afieldfile/2012/01/2 6/1282000_11.pdf. Accessed on 2025/ 12/ 9
[10] Kim, J. H. Aulck, L., Thamsuwan, O., Bartha, M. C. and Johnson, P. W. “The effects key size of touch screen virtual keyboards on productivity, usability,, and typing biomechanics”. Human Factors, 2014
About Author
