Improving passwords: influence of emotions on security behaviour

Information Management & Computer Security

Purpose – This paper aims to study the influence of emotions on security behaviour by reviewing Information Systems Security (ISS) topics in Information Systems (IS) literature. Researchers in ISS study how to motivate people to adhere to security policies; they mainly focus on cognitive models such as the technology acceptance model (Davis, 1985), innovation diffusion theory (Brancheau and Wetherbe, 1990), theory of planned behaviour (Mathieson, 1991) and social cognitive theory (Compeau and Higgins, 1995). Positive emotions such as joy and interest can be applied by adding emoticons and positive messages; we use this approach to improve password selection.

Design/methodology/approach – We apply differential emotional theory (Izard, 2002) from psychology to the context of ISS. Twenty-two participants took part in an experiment with the task of choosing strong but memorable passphrases. The dependent variable is the strength of the chosen passphrase. The task for the user is to come up with a passphra...

[1] Ritu Agarwal et al. Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions, 2010, MIS Q.

[2] Mikko T. Siponen et al. Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations, 2010, MIS Q.

[3] Rui Yao et al. Publication Manual of the American Psychological Association, 2011.

[4] Iwan Gulenko. Social against social engineering: Concept and development of a Facebook application to raise security and risk awareness, 2013, Inf. Manag. Comput. Secur.

[5] Joseph E LeDoux. The Emotional Brain: The Mysterious Underpinnings of Emotional Life, 1996.

[6] P. Ekman et al. Constants across cultures in the face and emotion, 1971, Journal of personality and social psychology.

[7] Kieran Mathieson et al. Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behavior, 1991, Inf. Syst. Res.

[8] Michael E. Whitman. Enemy at the gate: threats to information security, 2003, CACM.

[9] Sig Porter et al. A password extension for improved human factors, 1982, Comput. Secur.

[10] Fred D. Davis. A technology acceptance model for empirically testing new end-user information systems: theory and results, 1985.

[11] Benjamin B. M. Shao et al. A Behavioral Analysis of Passphrase Design and Effectiveness, 2009, J. Assoc. Inf. Syst.

[12] W. Miller et al. Motivational Interviewing: Preparing People to Change Addictive Behavior, 1991.

[13] Alain Forget et al. Improving text passwords through persuasion, 2008, SOUPS '08.

[14] Anne Beaudry et al. The Other Side of Acceptance: Studying the Direct and Indirect Effects of Emotions on Information Technology Use, 2010, MIS Q.

[15] M. Angela Sasse et al. Users are not the enemy, 1999, CACM.

[16] R. Biddle et al. Persuasion as Education for Computer Security, 2007.

[17] Moshe Zviran et al. A Comparison of Password Techniques for Multilevel Authentication Mechanisms, 1990, Comput. J.

[18] Matt Bishop et al. Improving system security via proactive password checking, 1995, Comput. Secur.

[19] Dan Boneh et al. Stronger Password Authentication Using Browser Extensions, 2005, USENIX Security Symposium.

[20] J. Yan et al. Password memorability and security: empirical results, 2004, IEEE Security & Privacy Magazine.

[21] Cormac Herley et al. A large-scale study of web password habits, 2007, WWW '07.

[22] Mo Adam Mahmood et al. Compliance with Information Security Policies: An Empirical Investigation, 2010, Computer.

[23] Izak Benbasat et al. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness, 2010, MIS Q.

[24] Merrill Warkentin et al. Fear Appeals and Information Security Behaviors: An Empirical Study, 2010, MIS Q.

[25] Naoki Mukawa et al. Emoticons convey emotions without cognition of faces: an fMRI study, 2006, CHI Extended Abstracts.

[26] Alan R. Dennis et al. Conducting Research in Information Systems, 2001.

[27] Qing Hu et al. The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies, 2007, J. Assoc. Inf. Syst.

[28] James C. Wetherbe et al. The Adoption of Spreadsheet Software: Testing Innovation Diffusion Theory in the Context of End-User Computing, 1990, Inf. Syst. Res.

[29] Moshe Zviran et al. Password Security: An Empirical Study, 1999, J. Manag. Inf. Syst.

[30] David Hume. A Treatise of Human Nature: Being an Attempt to introduce the experimental Method of Reasoning into Moral Subjects, 1972.

[31] Joseph E LeDoux et al. Indelibility of Subcortical Emotional Memories, 1989, Journal of Cognitive Neuroscience.

[32] Benjamin B. M. Shao et al. The usability of passphrases for authentication: An empirical field study, 2007, Int. J. Hum. Comput. Stud.

[33] Deborah Compeau et al. Application of Social Cognitive Theory to Training for Computer Skills, 1995, Inf. Syst. Res.

[34] Mikko T. Siponen et al. Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study, 2010, MIS Q.

[35] S. Paradiso. The Emotional Brain: The Mysterious Underpinnings of Emotional Life, 1998.

[36] C. Izard. Translating emotion theory and research into preventive interventions, 2002, Psychological bulletin.

[37] M. Angela Sasse et al. The compliance budget: managing security behaviour in organisations, 2009, NSPW '08.