Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Password security comics: can they actually change user behaviour?


(@lalit)
Member Admin
Joined: 1 year ago
Posts: 235
Topic starter  

TL;DR: Password-security cartoons and shareable images are being packaged for onboarding, training, and internal communication to make strong, unique passwords easier to teach and remember, according to Bitwarden. The operational value is real, but only if teams pair awareness content with enforcement, password managers, and lifecycle controls.

NHIMG editorial — based on content published by Bitwarden: password-security cartoons and shareable awareness assets

Questions worth separating out

Q: How should security teams use password education without overrelying on it?

A: Security teams should use password education to reinforce the behaviour they want, not to replace the controls that make it possible.

Q: Why do users still reuse weak passwords even after training?

A: Users reuse weak passwords when the cost of doing the right thing is higher than the cost of taking a shortcut.

Q: What breaks when password guidance is not tied to workflow design?

A: What breaks is behaviour consistency.

Practitioner guidance

  • Embed password guidance into onboarding Place password education in the first access journey, where users set expectations and complete initial account setup.
  • Standardise password manager enrolment Make password manager use part of default provisioning for new starters and reactivated accounts.
  • Measure reuse and workaround behaviour Track signs of credential habit problems such as reused passwords, browser-saved secrets, help desk password resets, and manual sharing.

What's in the full article

Bitwarden's full blog post covers the creative assets and usage ideas this analysis intentionally leaves at the source:

  • Downloadable password-security images designed for onboarding workflows and internal training use
  • The specific visual themes used across the series, including emojis, characters, and password-manager messaging
  • Practical suggestions for sharing the assets across communication and collaboration channels
  • Copy-and-paste friendly graphics intended for team education and awareness campaigns

👉 Read Bitwarden's password-security blog post and download the awareness assets →

Password security comics: can they actually change user behaviour?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9713
 

Password awareness is necessary, but it is not a control. Cartoon-based guidance can improve recall and reduce policy resistance, but it does not change access behaviour unless the underlying identity experience also changes. Password reuse, browser storage, and shared workarounds persist when the organisation leaves users to manage complexity on their own. The implication is that awareness content should be judged against identity outcomes, not engagement alone.

A few things that frame the scale:

A question worth separating out:

Q: How can organisations tell whether password controls are actually working?

A: Look for operational signals, not campaign engagement. Fewer password resets, lower reuse, reduced browser-saved credentials, and higher password-manager adoption show whether the control model is changing behaviour. If those indicators do not move, the programme is informing users but not governing access effectively.

👉 Read our full editorial: Password security cartoons aim to make strong credentials stick



   
ReplyQuote
Share: