Users often make security- and privacy-relevant decisions without a clear understanding of the rules that govern safe behavior. We introduce pedagogical friction, a design approach that introduces brief, instructional interactions at the moment of action. We evaluate this approach in the context of password creation, a task with clear, objective quality criteria and broad familiarity. We conducted a randomized repeated-measures study with 128 participants across four interface conditions that varied the depth and interactivity of guidance. We assessed three outcomes: (1) rule compliance in a subsequent password task without guidance, (2) accuracy on survey questions matched to the rules shown earlier, and (3) behavior-knowledge alignment, which captures whether participants who correctly followed a rule also recognized it on the survey. Across all guided conditions, participants corrected most rule violations in the follow-up task, achieved moderate accuracy on matched rule questions, and showed high behavior-knowledge alignment. These results support pedagogical friction as a lightweight and generalizable intervention for security- and privacy-critical interfaces.