Examining the Continuance of Secure Behavior: A Longitudinal Field Study of Mobile Device Authentication
成果类型:
Article
署名作者:
Steinbart, Paul John; Keith, Mark J.; Babb, Jeffry
署名单位:
Arizona State University; Arizona State University-Tempe; Brigham Young University; Texas A&M University System; West Texas A&M University
刊物名称:
INFORMATION SYSTEMS RESEARCH
ISSN/ISSBN:
1047-7047
DOI:
10.1287/isre.2016.0634
发表日期:
2016
页码:
219-239
关键词:
information-technology usage
protection motivation
fear appeals
expectation-confirmation
policy compliance
privacy research
systems
memory
MODEL
Intention
摘要:
It is not enough to get information technology (IT) users to adopt a secure behavior. They must also continue to behave securely. Positive outcomes of secure behavior may encourage the continuance of that behavior, whereas negative outcomes may lead users to adopt less-secure behaviors. For example, in the context of authentication, login success rates may determine whether users continue to use a strong credential or switch to less secure behaviors (e.g., storing a credential or changing to a weaker, albeit easier to successfully enter, credential). Authentication is a particularly interesting security behavior for information systems researchers to study because it is affected by an IT artifact (the design of the user interface). Laptops and desktop computers use full-size physical keyboards. However, users are increasingly adopting mobile devices, which provide either miniature physical keypads or touchscreens for entering authentication credentials. The difference in interface design affects the ease of correctly entering authentication credentials. Thus, the move to use of mobile devices to access systems provides an opportunity to study the effects of the user interface on authentication behaviors. We extend existing process models of secure behaviors to explain what influences their (dis) continuance. We conduct a longitudinal field experiment to test our predictions and find that the user interface does affect login success rates. In turn, poor performance (login failures) leads to discontinuance of a secure behavior and the adoption of less-secure behaviors. In summary, we find that a process model reveals important insights about how the IT artifact leads people to (dis) continue secure behaviors.