Encouraging Users to Change Breached Passwords Using the Protection Motivation Theory-Reference-Cited by-同舟云学术

Encouraging Users to Change Breached Passwords Using the Protection Motivation Theory

Published:2024-08-30 Issue: Volume: Page:
ISSN:1073-0516
Container-title:ACM Transactions on Computer-Human Interaction
language:en
Short-container-title:ACM Trans. Comput.-Hum. Interact.

Author:

Zou Yixin¹^ORCID,Le Khue²^ORCID,Mayer Peter³^ORCID,Acquisti Alessandro⁴^ORCID,Aviv Adam J.⁵^ORCID,Schaub Florian²^ORCID

Affiliation:

1. Max Planck Institute for Security and Privacy, Germany

2. University of Michigan, USA

3. University of Southern Denmark, Denmark

4. Carnegie Mellon University, USA

5. The George Washington University, USA

Abstract

We draw on the Protection Motivation Theory (PMT) to design interventions that encourage users to change breached passwords. Our online experiment ( n =1,386) compared the effectiveness of a threat appeal (highlighting the negative consequences after passwords were breached) and a coping appeal (providing instructions on changing the breached password) in a 2×2 factorial design. Compared to the control condition, participants receiving the threat appeal were more likely to intend to change their passwords, and participants receiving both appeals were more likely to end up changing their passwords. Participants’ password change behaviors are further associated with other factors, such as their security attitudes (SA-6) and time passed since the breach, suggesting that PMT-based interventions are useful but insufficient to fully motivate users to change their passwords. Our study contributes to PMT’s application in security research and provides concrete design implications for improving compromised credential notifications.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/3689432

Reference129 articles.

1. Svetlana Abramova and Rainer Böhme. Anatomy of a high-profile data breach: Dissecting the aftermath of a crypto-wallet case. In USENIX Security Symposium, pages 715–732, Anaheim, CA, USA, August 2023. USENIX. https://www.usenix.org/system/files/usenixsecurity23-abramova.pdf.

2. The theory of planned behavior

3. Elham Al Qahtani, Mohamed Shehab, and Abrar Aljohani. The effectiveness of fear appeals in increasing smartphone locking behavior among saudi arabians. In Symposium on Usable Privacy and Security, SOUPS ’18, pages 31–46, Baltimore, MD, USA, August 2018. USENIX. https://www.usenix.org/system/files/conference/soups2018/soups2018-qahtani.pdf.

4. Yusuf Albayram, Mohammad Maifi Hasan Khan, Theodore Jensen, and Nhan Nguyen. “… better to use a lock screen than to worry about saving a few seconds of time”: Effect of Fear Appeal in the Context of Smartphone Locking Behavior. In Symposium on Usable Privacy and Security, pages 49–63, Santa Clara, CA, USA, July 2017. USENIX. https://www.usenix.org/system/files/conference/soups2017/soups2017-albayram.pdf.

5. Why Do People Adopt, or Reject, Smartphone Password Managers?