Do Security Fear Appeals Work When They Interrupt Tasks? A Multi-Method Examination of Password Strength

IF 7 2区管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Mis Quarterly Pub Date : 2022-09-01 DOI:10.25300/misq/2022/15511

Anthony Vance, David Eargle, D. Eggett, D. Straub, Kirk Ouimet

{"title":"Do Security Fear Appeals Work When They Interrupt Tasks? A Multi-Method Examination of Password Strength","authors":"Anthony Vance, David Eargle, D. Eggett, D. Straub, Kirk Ouimet","doi":"10.25300/misq/2022/15511","DOIUrl":null,"url":null,"abstract":"Weak passwords are one of the most pervasive threats in cybersecurity. Facing this threat, users require guidance on how to protect themselves. A method frequently used by IS practitioners and researchers to provide this guidance is fear appeals, persuasive messages intended to prompt behavioral changes in response to a threat. However, previous research has not considered a key element of fear appeal effectiveness: task primacy. When fear appeals are a part of the primary or focal task, users’ cognitive engagement will be high by default. However, when fear appeals are delivered as secondary tasks, such as interruptive security messages, users’ engagement is likely to be low because the primary task takes priority in attentional and cognitive resources. In such cases, a remedy is needed to elicit engagement with the fear appeal. In this research note, we theorize that cognitive engagement acts as a contextual moderator that is critical to the effectiveness of fear appeals under the boundary condition of task primacy. Further, we theorize that interactivity, a mechanism that adapts message content through tailored real-time feedback in response to a user’s actions, is a key remedy to enhance engagement with fear appeals. However, to date fear appeals have largely been tested in noninteractive primary tasks, and no study has provided a theoretical explanation for why interactivity enhances the power of a fear appeal. We empirically examined engagement as a contextual moderator in two ways. First, we conducted a field experiment, which manipulated messages on a password creation form on a real-world website. Second, we performed a qualitative focus group study to triangulate the experimental results and more fully reify our theoretical model. Together, the findings reveal that interactivity acts as a catalyst to engage participants with a fear appeal, which then allows the persuasive message of the fear appeal to be internalized. The concepts of boundary condition of task primacy and engagement suggest ways that fear appeals can be more effectively applied in research and practice.","PeriodicalId":49807,"journal":{"name":"Mis Quarterly","volume":" ","pages":""},"PeriodicalIF":7.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mis Quarterly","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.25300/misq/2022/15511","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 4

Abstract

Weak passwords are one of the most pervasive threats in cybersecurity. Facing this threat, users require guidance on how to protect themselves. A method frequently used by IS practitioners and researchers to provide this guidance is fear appeals, persuasive messages intended to prompt behavioral changes in response to a threat. However, previous research has not considered a key element of fear appeal effectiveness: task primacy. When fear appeals are a part of the primary or focal task, users’ cognitive engagement will be high by default. However, when fear appeals are delivered as secondary tasks, such as interruptive security messages, users’ engagement is likely to be low because the primary task takes priority in attentional and cognitive resources. In such cases, a remedy is needed to elicit engagement with the fear appeal. In this research note, we theorize that cognitive engagement acts as a contextual moderator that is critical to the effectiveness of fear appeals under the boundary condition of task primacy. Further, we theorize that interactivity, a mechanism that adapts message content through tailored real-time feedback in response to a user’s actions, is a key remedy to enhance engagement with fear appeals. However, to date fear appeals have largely been tested in noninteractive primary tasks, and no study has provided a theoretical explanation for why interactivity enhances the power of a fear appeal. We empirically examined engagement as a contextual moderator in two ways. First, we conducted a field experiment, which manipulated messages on a password creation form on a real-world website. Second, we performed a qualitative focus group study to triangulate the experimental results and more fully reify our theoretical model. Together, the findings reveal that interactivity acts as a catalyst to engage participants with a fear appeal, which then allows the persuasive message of the fear appeal to be internalized. The concepts of boundary condition of task primacy and engagement suggest ways that fear appeals can be more effectively applied in research and practice.

查看原文本刊更多论文

安全恐惧申诉在中断任务时有效吗？密码强度的多方法检测

弱密码是网络安全中最普遍的威胁之一。面对这种威胁，用户需要如何保护自己的指导。IS从业人员和研究人员经常使用的一种提供这种指导的方法是恐惧呼吁，即旨在促使行为改变以应对威胁的有说服力的信息。然而，之前的研究并没有考虑到恐惧吸引力有效性的一个关键因素:任务首要性。当恐惧诉求成为主要任务或焦点任务的一部分时，用户的认知参与度默认会很高。然而，当恐惧诉求作为次要任务(如中断性安全信息)传递时，用户的参与度可能会很低，因为主要任务在注意力和认知资源方面占据优先地位。在这种情况下，需要一种补救措施来引发对恐惧诉求的参与。在本研究报告中，我们认为认知参与作为情境调节因子，在任务首要的边界条件下对恐惧诉求的有效性至关重要。此外，我们认为交互性(一种通过定制实时反馈来响应用户行为来调整消息内容的机制)是增强与恐惧诉求互动的关键补救措施。然而，到目前为止，恐惧吸引力主要是在非互动性的主要任务中进行的测试，并且没有研究提供一个理论解释为什么互动性会增强恐惧吸引力的力量。我们从两方面实证地考察了参与度作为语境调节因素的作用。首先，我们进行了一个现场实验，在一个真实的网站上操纵密码创建表单上的信息。其次，我们进行了定性焦点小组研究，对实验结果进行三角化，更充分地具体化了我们的理论模型。总之，研究结果表明，互动性是一种催化剂，可以让参与者产生恐惧的吸引力，然后让恐惧吸引力的有说服力的信息被内化。任务首要性和参与性的边界条件概念为恐惧诉求在研究和实践中更有效的应用提供了思路。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Mis Quarterly 工程技术-计算机：信息系统

CiteScore

13.30

自引率

4.10%

发文量

审稿时长

6-12 weeks

期刊介绍： Journal Name: MIS Quarterly Editorial Objective: The editorial objective of MIS Quarterly is focused on: Enhancing and communicating knowledge related to: Development of IT-based services Management of IT resources Use, impact, and economics of IT with managerial, organizational, and societal implications Addressing professional issues affecting the Information Systems (IS) field as a whole Key Focus Areas: Development of IT-based services Management of IT resources Use, impact, and economics of IT with managerial, organizational, and societal implications Professional issues affecting the IS field as a whole