Abstract
Passwords are the most widely used method of authentication on the Internet, but users find compliance with password guidelines difficult, and we know little about the long-term effects of attempts to improve compliance. In this paper, we extend the work of fear appeals use in the IS security domain to investigate their longer-term effects. We conducted a longitudinal experimental study to examine fear appeals’ long- and short-term effects. Using a model based on protection motivation theory (Rogers, 1983), we found that fear of threat, perceived password effectiveness, and password self-efficacy predicted compliance. We also found that neither perceived vulnerability to a security attack nor perceived severity of an attack influenced compliance. Providing persuasive communication improved compliance with password guidelines and resulted in significantly stronger passwords, but the effects on compliance intentions were only short term. This study extends our understanding of the factors that influence compliance with password guidelines and how we can modify them to improve compliance. We raise interesting questions about the role of fear in different IS security contexts. We also highlight the need for more research on the long-term impact of persuasive communication.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Communications of the Association for Information Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.