Compliance with security guidelines in teenagers

Abstract

What drives teenagers to comply with computer password guidelines? Using an extended form of protection motivation theory (PMT) (Rogers, 1983), we found that even if teenage computer users believe they are susceptible to being hacked, or that being hacked would be detrimental, it has no bearing on their password choices. Other motives outside of PMT also drive teenage security behaviour. Personal norms fully mediate the relationship between the perceived severity of threat and compliance intentions such that perceived severity is not sufficient to encourage compliance. Teenagers must actually feel obligated to comply. While personal norms may encourage compliance, concerns about feeling embarrassed or ashamed if their social media accounts are hacked into actually encourages compliance. On the other hand, peer influence, such as the fear of being teased about someone hacking into their account, discourages compliance. Our study contributes to understanding early security practices and highlights potential differences between adult and teenage behaviours to consider in future studies. For example, our findings suggest that password security guidelines alone will not suffice to ensure teenage compliance; they may need enforced password rules at the authentication level to eliminate any opportunity to violate password rules. Our study will benefit children and parents as well as organizations that have changed work practices to enable employees to work from home, but which places children in danger of clicking on malicious links on their parents’ computers. To our knowledge, this is the first password security study that applies PMT to examine computer-based security behaviours in teenagers.