Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

Online Users' Password Security Behavior : The Effects of Fear Appeals and Message Framing, and Mechanism of Password Security Behavior

온라인 사용자의 비밀번호 보호행위 : 공포 소구와 메시지 프레이밍 효과, 그리고 비밀번호 보호행위의 동기요인

  • Received : 2017.03.27
  • Accepted : 2017.08.14
  • Published : 2017.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, there have been numerous issues about password breaches and it is becoming important for the users to manage their passwords. In practice, the online service provider are asking the online users to change their passwords periodically. However, majority of the users are not changing their passwords regularly, and this can increase the risk of password breach. The purpose of this study is to investigate whether 'fear appeals' and 'message framing' enhance the behavior of changing passwords by the online users. Furthermore, we identify the mechanism on how the behavior of changing passwords is enabled using protection motivation theory. The results of an online experiment show that the online users who are exposed to 'fear appeals' perceived a more vulnerability and severity of password breaches, which in turn, increased the intention of changing their password. In addition, we found that perceived severity of password breaches affect fear positively. Moreover, we found that fear has significant impact on the willingness of changing passwords. Finally, Message framing plays a moderating role between fear and change intentions. That is, in a situation where 'fear appeal' is presented, it means that 'gain framing' is more effective than 'loss framing' These findings suggest that the online service providers may need to use 'fear appeals' to the online users. Security managers can address issues related to the password breaches by carefully designing 'fear appeals'.

Keywords

References

  1. Angst, C.M. and R. Agarwal, "Adoption of Electronic Health Records in the Presence of Privacy Concerns : The Elaboration Likelihood Model and Individual Persuasion", MIS Quarterly, Vol.33, No.2, 2009, 339-370. https://doi.org/10.2307/20650295
  2. Bandura, A., Self-efficacy in Changing Societies, Cambridge University Press, 1995.
  3. Chen, Y. and F.M. Zahedi, "Individuals' Internet Security Perceptions and Behaviors : Polycontextual Contrasts between the United States and China", MIS Quarterly, Vol.40, No.1, 2016, 205-222. https://doi.org/10.25300/MISQ/2016/40.1.09
  4. Boss, S.R., D.F. Galletta, P.B. Lowry, G.D. Moody, and P. Polak, "What Do Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors", MIS Quarterly, Vol.39, No.4, 2015, 837-864. https://doi.org/10.25300/MISQ/2015/39.4.5
  5. Easterling, D.V. and H. Leventhal, "Contribution of Concrete Cognition to Emotion : Neutral Symptoms as Elicitors of Worry about Cancer", Journal of Applied Psychology, Vol.74, No.5, 1989, 787. https://doi.org/10.1037/0021-9010.74.5.787
  6. Fishbein, M. and I. Ajzen, Belief Attitude, Intention and Behavior, Reading, MA : Addison-Wesley, 1975.
  7. Gaeth, G.J., I.P. Levin, D.A. Cours, and S. Combs, "Framing of Attribute Information in Product Description", Advances in Consumer Research, Vol.17, No.2, 1990, 531-534.
  8. Ganzach, Y. and N. Karsahi, "Message Framing and Buying Behavior : A Field Experiment", Journal of Business Research, Vol.32, No.1, 1995, 11-17. https://doi.org/10.1016/0148-2963(93)00038-3
  9. Gefen, D., D. Straub, and M. Boudreau, "Structural Equation Modeling and Regression :Guidelines for Research Practice", Communications of the Association for Information Systems, Vol.4, No.7, 2000, 1-77.
  10. Ha, S.W. and H.J. Kim, "The Effects of User's Security Awareness on Password Security Behavior", Digital Contents Society, Vol.14, No.2, 2013, 179-189. (하상원, 김형중, "정보보안의식이 패스워드 보안행동에 미치는 영향에 관한 연구", 한국디지털콘텐츠학회논문지, 제14권, 제2호, 2013, 179-189.) https://doi.org/10.9728/dcs.2013.14.2.179
  11. Hanus, B. and Y.A. Wu, "Impact of Users Security Awareness on Desktop Security Behavior : A Protection Motivation Theory Perspective", Information Systems Management, Vol.33, No.1, 2016, 2-16. https://doi.org/10.1080/10580530.2015.1117842
  12. Henseler, J., C.M. Ringle, and R.R. Sinkovics, "The Use of Partial Least Squares Path Modeling in International Marketing", In New Challenges to International Marketing, Emerald Group Publishing Limited, 2009, 277-319.
  13. Homer, P.M. and S.G. Yoon, "Message Framing and the Interrelationships among Ad-based Feelings, Affect, and Cognition", Journal of Advertising, Vol.21, No.1, 1992, 19-33. https://doi.org/10.1080/00913367.1992.10673357
  14. Jeon, J.O., Q. Le, and H.H. Park, "The Influence of Scarcity Message Type and Message Framing on Impulse Buying Effect in Online Pice Discount Advertising : Focusing on the Moderating Effect of Need for Cognitive Closure", The Korean Journal of Consumer and Advertising Psychology, Vol.14, No.4, 2013, 549-574. (전중옥, 이 금, 박현희, "희소성 메시지 유형과 메시지 프레이밍에 따른 온라인 광고의 충동구매 효과", 한국심리학회지 : 소비자․광고, 제14권, 제4호, 2013, 549-574.) https://doi.org/10.21074/kjlcap.2013.14.4.549
  15. Johnston, A.C. and M. Warkentin, "Fear Appeals and Information Security Behaviors : An Empirical Study", MIS Quarterly, Vol.34, No.3, 2010, 549-566. https://doi.org/10.2307/25750691
  16. KISA, "A Survey on the Use of Digital Signatures by the Public in 2015", 2015. (한국인터넷진흥원, "2015년 대국민 전자서명 이용 실태 조사", 2015.)
  17. Kurila, J., L. Lazuras, and P.H. Ketikidis, "Message Framing and Acceptance of Branchless Banking Technology", Electronic Commerce Research and Applications, Vol.17, 2016, 12-18. https://doi.org/10.1016/j.elerap.2016.02.001
  18. Lee, J.R., "A Study on the Effect of Persuasion on Attitude and Framing", Korean Journal of Social Science, Vol.28, No.2, 2006, 125-144. (이재록, "태도와 프레이밍 및 설득과의 관계에 관한 연구", 한국사회과학연구, 제28권, 제2호, 2006, 125-144.)
  19. Lee, Y., "Understanding Anti-plagiarism Software Adoption : An Extended Protection Motivation Theory Perspective", Decision Support Systems, Vol.50, No.2, 2011, 361-369. https://doi.org/10.1016/j.dss.2010.07.009
  20. Liang, H. and Y. Xue, "Understanding Security Behaviors in Personal Computer Usage : A Threat Avoidance Perspective", Journal of the Association for Information Systems, Vol.11, No.7, 2010, 394-413. https://doi.org/10.17705/1jais.00232
  21. Maddux, J.E. and R.W. Rogers, "Protection Motivation and Self-efficacy : A Revised Theory of Fear Appeals and Attitude Change", Journal of Experimental Social Psychology, Vol. 19, No.5, 1983, 469-479. https://doi.org/10.1016/0022-1031(83)90023-9
  22. Meyerowitz, B.E. and S. Chaiken, "The Effect of Message Framing on Breast Self-examination Attitudes, Intentions, and Behavior", Journal of Personality and Social Psychology, Vol.52, No.3, 1987, 500-510. https://doi.org/10.1037/0022-3514.52.3.500
  23. Mwagwabi, F., T. McGill, and M. Dixon, "Improving Compliance with Password Guidelines : How User Perceptions of Passwords and Security Threats Affect Compliance with Guidelines", System Sciences(HICSS), 2014 47th Hawaii International Conference on, 2014.
  24. Ortony, A. and T.J. Turner, "What's Basic about Basic Emotions?", Psychological Review, Vol.97, No.3, 1990, 315-331. https://doi.org/10.1037/0033-295X.97.3.315
  25. Park, J.P., "Users' Security Protection Through Fear Appeal : A Behavioral Economics Approach", Ph.D Thesis, Yonsei University, South Korea, 2015. (박종필, "공포소구를 통한 온라인 사용자들의 보안 강화 : 행동경제학적 접근으로", 박사학위논문, 연세대학교, 2015.)
  26. Rogers, R.W., "A Protection Motivation Theory of Fear Appeals and Attitude Change 1", The Journal of Psychology, Vol.91, No.1, 1975, 93-114. https://doi.org/10.1080/00223980.1975.9915803
  27. Rogers, R.W., "Cognitive and Physiological Processes in Fear Appeals and Attitude Change : A Revised Theory of Protection Motivation", Social Psychophysiology, 1983, 153-176.
  28. Shropshire, J.D., M. Warkentin, and A.C. Johnston, "Impact of Negative Message Framing on Security Adoption", Journal of Computer Information Systems, Vol.51, No.1, 2010, 41-51.
  29. Tsai, H.Y.S., M. Jiang, S. Alhabash, R. LaRose, N.J. Rifon, and S.R. Cotten, "Understanding Online Safety Behaviors : A Protection Motivation Theory Perspective", Computers and Security, Vol.59, 2016, 138-150. https://doi.org/10.1016/j.cose.2016.02.009
  30. Vance, A., D. Eargle, K. Ouimet, and D. Straub, "Enhancing Password Security Through Interactive Fear Appeals : A Web-based Field Experiment", 2013 46th Hawaii International Conference on System Sciences, 2988-2997.
  31. Witte, K., "Predicting Risk Behaviors : Development and Validation of a Diagnostic Scale", Journal of Health Communication, Vol.1, 1996, 317-341. https://doi.org/10.1080/108107396127988
  32. Witte, K., "Putting the Fear Back into Fear Appeals : The Extended Parallel Process Model", Communications Monographs, Vol.59, No.4, 1992, 329-349. https://doi.org/10.1080/03637759209376276
  33. Witte, K., G. Meyer, and D. Martell, "Effective Health Risk Messages : A Step-by-Step Guide", Sage Publications, 2001.
  34. Woon, I., G.W. Tan, and R. Low, "A Protection Motivation Theory Approach to Home Wireless Security", International Conference on Information on Systems, 2005, 367-390.
  35. Workman, M., W.H. Bommer, and D. Straub, "The Amplification Effects of Procedural Justice on a Threat Control Model of Information Systems Security Behaviours", Behaviour and Information Technology, Vol.28, No.6, 2009, 563-575. https://doi.org/10.1080/01449290802556021
  36. Zhang, L. and W. McDowell, "Am I Really at Risk? Determinants of Online Users' Intentions to Use Strong Passwords", Journal of Internet Commerce, Vol.8, No.3, 2009, 180-197. https://doi.org/10.1080/15332860903467508