Improving Compliance with Password Guidelines: How User Perceptions of Passwords and Security Threats Affect Compliance with Guidelines

Mwagwabi, Florence; McGill, Tanya; Dixon, Michael

doi:10.1109/hicss.2014.396

Cited by 23 publications

(21 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Literature [91,92] shows that problems may occur when attempting to implement HIPAA, and no consensus has been reached as to the implementation and compliance requirements of HIPAA's security and privacy rules [93]. However the HIPAA documents selected have been previously used in surveys [94], exploratory studies [95] and to define security risk-oriented patterns [96]. Moreover, generic security and privacy principles (password strength, secure use of e-mails, the Internet and the Intranet, PHI protection of printers and screens, etc.)…”

Section: Limitationsmentioning

confidence: 99%

Analysis of health professional security behaviors in a real clinical setting: An empirical study

Fernández-Alemán

Sánchez-Henarejos

Toval

et al. 2015

International Journal of Medical Informatics

View full text Add to dashboard Cite

Section: Limitationsmentioning

confidence: 99%

Analysis of health professional security behaviors in a real clinical setting: An empirical study

Fernández-Alemán

Sánchez-Henarejos

Toval

et al. 2015

International Journal of Medical Informatics

View full text Add to dashboard Cite

“…However, they did not test the proposed model. Mwagwabi, McGill, and Dixon (2014) examined a partial TTAT model and reported significant relationships between susceptibility and threat and between severity and threat but did not test the interaction between susceptibility and severity. Couraud (2014) invoked a partial model in extending TTAT using risk sensitivity.…”

Section: Technology Threat Avoidance Theorymentioning

confidence: 99%

Refining Technology Threat Avoidance Theory

Carpenter¹,

Young²,

Barrett³

et al. 2019

CAIS

View full text Add to dashboard Cite

Understanding individual threat avoidance motivation and behavior is a critical component in designing effective cyber security solutions for both users and organizations. Technology threat avoidance theory (TTAT) asserts that individuals' perceptions regarding their susceptibility to and the resulting severity of technology threats influence their awareness of the threats, which, in turn, influences their motivation and behavior to avoid them. While TTAT provides cogently and logically explains individuals' technology threat motivations and behaviors, empirical tests have produced equivocal results particularly in terms of the influence of susceptibility and severity on threat perceptions. Due to these inconsistencies in the threat calculus involving susceptibility, severity, and threat, we need more work to improve and understand individual threat motivations. Additionally, TTAT does not account for individual differences such as risk propensity, distrust propensity, and impulsivity that have been shown to affect cyber security behavior. To address these gaps, we present an empirical assessment of a refined TTAT model, which includes individual differences and models the influence of susceptibility on threat perceptions as partially mediated by severity. Results indicate that, while perceived susceptibility is a significant predictor of threat perceptions, severity perceptions partially mediates its effect. Our results also support the inclusion of risk propensity and distrust propensity in the TTAT model as personal characteristics that significantly affect overall threat perceptions.

show abstract

“…Ifinedo, 2012;Siponen, Mahmood, & Pahnila, 2014). However, this over-representation of organization-focused research is giving way to more recent studies of home computer users (Anderson & Agarwal, 2010;Liang & Xue, 2010;Mwagwabi, McGill, & Dixon, 2014;Woon, Tan, & Low, 2005;Zhang & McDowell, 2009) in recognition of the vulnerability of home users and the potential flow on effects from home user breaches to organizational breaches (Jenkins, Grimes, Proudfoot, & Lowry, 2014;Winkler, 2009). While there may be similarities in "security behavior" that span both the organizational and home environments, Li and Siponen (2011) identified nine contextual factors that differentiate the home setting from organizational use, including the role of technical support, training, sanctions and organizational policies among others, calling for focused research with home users.…”

Section: Introductionmentioning

confidence: 99%

“…Protection Motivation Theory (PMT) (Rogers, 1975(Rogers, , 1983 has been widely used to try to explain user security behavior with some success (e.g., Crossler, Long, Loraas, & Trinkle, 2014;Herath & Rao, 2009;Ifinedo, 2012;Vance, Siponen, & Pahnila, 2012); however, the majority of this research has taken place in an organizational context and research using it to understand personal computing security behavior has shown more mixed results, particularly with respect to the role of perceived vulnerability to threats (Liang and Xue 2010;Mwagwabi, McGill, and Dixon 2014;Zhang and McDowell 2009). The study described in this paper addresses the need to improve understanding of home computer and mobile device computing security behavior by testing a model of personal computing security behavior that is based on PMT, but is extended to incorporate findings from the personal computing domain on the roles of psychological ownership and social influence (Anderson & Agarwal, 2010;Tu, Turel, Yuan, & Archer, 2015).…”

Section: Introductionmentioning

confidence: 99%

“Security begins at home”: Determinants of home computer and mobile device security behavior

Thompson

McGill

Wang

2017

Computers & Security

123

View full text Add to dashboard Cite

He holds MSc and PhD degrees and works in the area of Computer Security and Information Systems. His research interests include affective computing, human-computer interaction and information security. Xuequn (Alex) Wang is a Lecturer in Murdoch University. He received his Ph.D. in Information Systems from Washington State University. His research interests include knowledge management, online communities, and idea generation. His research has appeared (or is forthcoming) in Communications of the

show abstract

Improving Compliance with Password Guidelines: How User Perceptions of Passwords and Security Threats Affect Compliance with Guidelines

Cited by 23 publications

References 32 publications

Analysis of health professional security behaviors in a real clinical setting: An empirical study

Analysis of health professional security behaviors in a real clinical setting: An empirical study

Refining Technology Threat Avoidance Theory

“Security begins at home”: Determinants of home computer and mobile device security behavior

Contact Info

Product

Resources

About