Encouraging Users to Change Breached Passwords Using the Protection Motivation Theory

被引：1

作者：

Zou, Yixin ^{[1
]}

Le, Khue ^{[2
]}

Mayer, Peter ^{[3
]}

Acquisti, Alessandro ^{[4
]}

Aviv, Adam j. ^{[5
]}

Schaub, Florian ^{[2
]}

机构：

[1] Max Planck Inst Secur & Privacy, Bochum, Germany

[2] Univ Michigan, Ann Arbor, MI USA

[3] Univ Southern Denmark, Odense, Denmark

[4] Carnegie Mellon Univ, Pittsburgh, PA USA

[5] George Washington Univ, Washington, DC USA

来源：

ACM TRANSACTIONS ON COMPUTER-HUMAN INTERACTION | 2024年 / 31卷 / 05期

关键词：

Data Breach; Passwords; Protection Motivation Theory; Threat Appeal; Coping Appeal; Online Experiment; SECURITY POLICY COMPLIANCE; FEAR APPEALS; BEHAVIOR; INTERVENTION; METAANALYSIS; FRAMEWORK; THREATS; MODEL; SAFE;

D O I：

10.1145/3689432

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

We draw on the Protection Motivation Theory (PMT) to design interventions that encourage users to change breached passwords. Our online experiment (n = 1,386) compared the effectiveness of a threat appeal (highlighting the negative consequences after passwords were breached) and a coping appeal (providing instructions on changing the breached password) in a 2 x 2 factorial design. Compared to the control condition, participants receiving the threat appeal were more likely to intend to change their passwords, and participants receiving both appeals were more likely to end up changing their passwords. Participants' password change behaviors are further associated with other factors, such as their security attitudes (SA-6) and time passed since the breach, suggesting that PMT-based interventions are useful but insufficient to fully motivate users to change their passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.

引用

页数：45

共 110 条

[1] Abramova S, 2023, PROCEEDINGS OF THE 32ND USENIX SECURITY SYMPOSIUM, P715
[2] THE THEORY OF PLANNED BEHAVIOR
AJZEN, I
[J]. ORGANIZATIONAL BEHAVIOR AND HUMAN DECISION PROCESSES, 1991, 50 (02) : 179 - 211
[3] Al Qahtani E, 2018, PROCEEDINGS OF THE FOURTEENTH SYMPOSIUM ON USABLE PRIVACY AND SECURITY, P31
[4] Albayram Y, 2017, PROCEEDINGS OF THIRTEENTH SYMPOSIUM ON USABLE PRIVACY AND SECURITY (SOUPS 2017), P49
[5] Alkaldi N, 2019, PROCEEDINGS OF THE 52ND ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES, P4824
[6] Alkaldi Nora., 2016, P 1 EUR WORKSH US SE, p5:1, DOI DOI 10.14722/EUROUSEC.2016.23011
[7] Anderson CL, 2010, MIS QUART, V34, P613
[8] [Anonymous], 2021, Identity Theft Resource Centers 2021 Annual Data Breach Report Sets New Record for Number of Compromises
[9] [Anonymous], 2022, Census bureau releases new educational attainment data
[10] [Anonymous], 2021, U.S. Census Bureau QuickFacts: United States. Census Bureau QuickFacts

← 1 2 3 4 5 6 7 8 9 10 →