
Tag archive: understanding

Password security meters

I have done a couple of interviews about people's relationship to authentication and security.

The status seems to be that security is something that people are not too concerned about. People think typing in a password is stressful and save most of their passwords in the browser. They know that there is a risk in not having a screen lock on their phone, but trust their own ability to look after their device, and therefore feel that a screen lock is redundant.

So the question is: How can we give users a correct picture of security?

Understanding the risk they face with no security is essential. One attempt to create an understanding of secure passwords has been the password security meter, which gives you an indication of how secure your password is.

However, during my interviews I experienced that people have more trust in their own ability to create secure passwords and don't really trust password meters. There is currently no standard for how to measure the security of a password. Because of this there are many different ways to do this measurement, and you get different results depending on which meter you select. The interviews showed that people are not completely ignorant of them, but the password security meters are not very essential for the authentication method or password the users choose.

I have tested some password meters with the same password, password@?:-). As we can see, they generated results all the way from very weak to very strong. Looking at this, it is understandable that people have trouble relying on them.
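
Why two meters can disagree this much on that test password, as an added example that is not part of the original post: a composition-only estimate next to a dictionary-aware one. The rating bands, the eight-word list and both scoring functions are constructed assumptions, not the algorithm of any real meter.

```python
import math
import string

# Constructed rating bands (upper limit in estimated bits); every real meter picks its own.
BANDS = [(30, "very weak"), (45, "weak"), (60, "fair"), (75, "strong")]

# Constructed mini-dictionary standing in for a list of commonly used passwords.
COMMON = ["password", "qwerty", "letmein", "dragon",
          "monkey", "123456", "iloveyou", "admin"]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def pool_bits(text):
    """Composition view: length x log2(size of the character classes in use)."""
    if not text:
        return 0.0
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in text))
    pool = pool or 95  # only characters outside the four classes: assume 95
    return len(text) * math.log2(pool)


def dictionary_bits(text):
    """Dictionary view: a known word costs log2(len(COMMON)) bits, not its length."""
    lowered = text.lower()
    hits = [w for w in COMMON if w in lowered]
    if not hits:
        return pool_bits(text)  # nothing recognised: same as the composition view
    word = max(hits, key=len)
    start = lowered.index(word)
    rest = text[:start] + text[start + len(word):]
    return math.log2(len(COMMON)) + pool_bits(rest)


def label(bits):
    for limit, name in BANDS:
        if bits < limit:
            return name
    return "very strong"


def compare(password):
    """Rate one password with both constructed meters."""
    return {"composition": label(pool_bits(password)),
            "dictionary-aware": label(dictionary_bits(password))}


if __name__ == "__main__":
    print(compare("password@?:-)"))
```

The composition meter credits all 13 characters against a 58-symbol pool, while the dictionary-aware meter treats "password" as a single guessable token and only the five trailing symbols as unpredictable.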


Posted on February 9, 2012 in Design, Master Thesis

 
