Acknowledgement
This work was supported by the Ministry of Education of the Republic of Korea and the National Research Foundation of Korea (NRF-2021S1A3A2A02089809).
References
- Ackerman, P. L, and Kanfer, R. (2009). Test length and cognitive fatigue: An empirical examination of effects on performance and test-taker reactions. Journal of Experimental Psychology: Applied, 15(2), 163-181. https://doi.org/10.1037/a0015719
- Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179-211. https://doi.org/10.1016/0749-5978(91)90020-T
- Ajzen, I., and Fishbein, M. (2000). Attitudes and the attitude-behavior relation: Reasoned and automatic processes. European Review of Social Psychology, 11(1), 1-33. https://doi.org/10.1080/14792779943000116
- Bagozzi, R. P. (1982). A field investigation of causal relations among cognitions, affect, intentions, and behavior. Journal of Marketing Research, 19(4), 562-584. https://doi.org/10.1177/002224378201900415
- Bethoux, F. (2006). Fatigue and multiple sclerosis. Annales de Readaptation et de Medecine Physique, 49(6), 355-360. https://doi.org/10.1016/j.annrmp.2006.04.022
- Brockner, J., and Higgins, E. T. (2001). Regulatory focus theory: Implications for the study of emotions at work. Organizational Behavior and Human Decision Processes, 86(1), 35-66. https://doi.org/10.1006/obhd.2001.2972
- Bryman, A. (2016). Social Research Methods. Oxford University Press.
- Bulgurcu, B., Cavusoglu, H., and Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
- Callegaro, M., Murakami, M. H., Tepman, Z., and Henderson, V. (2015). Yes-no answers versus check-all in sself-administered modes: A systematic review and analyses. International Journal of Market Research, 57(2), 203-224. https://doi.org/10.2501/IJMR-2015-014a
- Cameron, C. (1973). A theory of fatigue. Ergonomics, 16(5), 633-648. https://doi.org/10.1080/00140137308924554
- Chin, W. W. (1998). The Partial Least Squares Approach to Structural Equation Modeling. Mahwah, NJ:Lawrence Erlbaum.
- Cram, W. A., Proudfoot, J. G., and D'Arcy, J. (2021). When enough is enough: investigating the antecedents and consequences of information security fatigue. Information Systems Journal, 31(4), 521-549. https://doi.org/10.1111/isj.12319
- D'Arcy, J., and Lowry, P. B. (2019). Cognitive affective drivers of employees' daily compliance with information security policies: A multilevel, longitudinal study. Information Systems Journal, 29(1), 43-69. https://doi.org/10.1111/isj.12173
- D'Arcy, J., and The, P. L. (2019). Predicting employee information security policy compliance on a daily basis: the interplay of security-related stress, emotions, and neutralization. Information & Management, 56(7), 103-151. https://doi.org/10.1016/j.im.2019.02.006
- Derbaix, C. M. (1995). The impact of affective reactions on attitudes toward the advertisement and the brand: A step toward ecological validity. Journal of Marketing Research, 32(4), 470-479. https://doi.org/10. 1177/002224379503200409 https://doi.org/10.1177/002224379503200409
- Efron, B., and Tibshirani, R. (1993). An Introduction to The Bootstrap. New York: Chapman Hall.
- Feldman, B. L., and Russel, J. A. (1998). Independence and bipolarity in the structure of current affect. Journal of Personality and Social Psychology, 74(4), 967-984. https://doi.org/10.1037/0022-3514.74.4.967
- Forgas, J. P. (2008). Affect and cognition. Perspectives on Psychological Science, 3(2), 94-101. https://doi.org/10.1080/026999307 01437931
- Forgas, J. P. (1995). Mood and judgment: The affect infusion model (AIM). Psychological Bulletin, 117(1), 39-66. https://doi.org/10.1037/0033-2909.117.1.39
- Forgas, J. P., and George, J. M. (2001). Affective influences on judgments and behavior in organizations: An information processing perspective. Organizational Behavior and Human Decision Processes, 86(1), 3-34. https://doi.org/10.1006/obhd.2001.2971
- Fornell, C., and Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50. https://doi.org/10.1177/002224378101800104
- Furnell, S., Khern-am-nuai, W., Esmael, R., Yang, W., and Li, N. (2018). Enhancing security behaviour by supporting the user. Computers & Security, 75(June), 1-9. https://doi.org/10.1016/j.cose.2018.01.016
- Furnell, S., and Thomson, K. L. (2009). Recognising and addressing 'security fatigue'. Computer Fraud & Security, 11(Novermber), 7-11. https://doi.org/10.1016/S1361-3723 (09)70139-3
- Greene, K. K, and Choong, Y. Y. (2017). Must I, can I? I don't understand your ambiguous password rules. Information & Computer Security, 25(1), 80-99. https://doi.org/10.1108/ICS-06-2016-0043
- Gulenko, I. (2014). Improving passwords: influence of emotions on security behaviour. Information Management & Computer Security, 22(2), 167-178. https://doi.org/10. 1108/IMCS-09-2013-0068 https://doi.org/10.1108/IMCS-09-2013-0068
- Hair, J. F., Anderson, R. E., Tatham R. L., and Black, W. C. (1998). Multivariate Data Analysis (5th ed.). Upper Saddle River, NJ: Prentice-Hall.
- Hair, J. F., Hollingsworth, C. L., Randolph, A. B., and Chong, A. Y. L. (2012). An assessment of the use of partial least squares structural equation modeling in marketing research. Journal of the Academy of Marketing Science, 40(3), 414-433. https://doi.org/10.1007/s11747-011-0261-6
- Hair, J. F., Sarstedt, M., Ringle, C. M., and Mena, J. A. (2012). An assessment of the use of partial least squares structural equation modeling in marketing research. Journal of the Academy of Marketing Science, 40(3), 414-433. https://doi.org/10.1007/s11747-011-0261-6
- Hartwig, K., and Reuter, C. (2022). Nudging users towards better security decisions in password creation using whitebox-based multidimensional visualisations. Behaviour & Information Technology, 41(7), 1357-1380. https://doi.org/10.1080/0144929X.2021.1876167
- Henseler, J., Ringle, C. M., and Sarstedt, M. (2015). A new criterion for assessing discriminant validity in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43(1), 115-135. https://doi.org/10.1007/s11747-014-0403-8
- Huber, F., Herrmann, A., Frederik, M., Vogel, J., and Vollhardt, K. (2008). Kausalmodellierung Mit Partial Least Squares: Eine Anwendungsorientierte Einfuhrung. Springer-Verlag.
- Ilies, R., Scott, B. A., and Judge, T. A. (2006). The interactive effects of personal traits and experienced states on intraindividual patterns of citizenship behavior. Academy of Management Journal, 49(3), 561-575. https://doi.org/10.5465/amj.2006.21794672
- Inzlicht, M., Schmeichel, B. J., and Macrae, C. N. (2014). Why self-control seems (but may not be) limited. Trends in Cognitive Sciences, 18(3), 127-133. https://doi.org/10.1016/j.tics.2013.12.009
- Illich, I. (1981). Shadow Work. Salem, New Hampshire and London: Marion Boyars.
- Judge, T. A., Scott, B. A., and Ilies, R. (2006). Hostility, job attitudes, and workplace deviance: Test of a multilevel model. Journal of Applied Psychology, 91(1), 126-138. https://doi.org/10.1037/0021-9010.91.1.126
- Kaleta, J. P, Lee, J. S., and Yoo, S. (2019). Nudging with construal level theory to improve online password use and intended password choice: A security-usability tradeoff perspective. Information Technology & People, 32(4), 993-1020. https://doi. org/10.1108/ITP-01-2018-0001
- Keith, M., Shao, B., and Steinbart, P. (2009). A behavioral analysis of passphrase design and effectiveness. Journal of the Association for Information Systems, 10(2), 63-89. https://doi.org/10.17705/1jais.00184
- Khern-am-nuai, W., Hashim, M. J., Pinsonneault, A., Yang, W., and Li, N. (2022). Augmenting password strength meter design using the elaboration likelihood model: evidence from randomized experiments. Information Systems Research, Articles in Advance, 1-21.
- Kim, J., and Kang, D. (2008). A study on the factors affecting the information systems security effectiveness of password. Asia Pacific Journal of Information Systems, 18(4), 1-26.
- Kluger, B. M, Krupp, L. B., and Enoka, R. M. (2013). Fatigue and fatigability in neurologic illnesses: Proposal for a unified taxonomy. Neurology, 80(4), 409-416. https://doi.org/10.1212/WNL.0b013e31827f07be
- Kock, N. (2015). Common method bias in pls-sem: a full collinearity assessment approach. International Journal of e-Collaboration, 11(4), 1-10. https://doi.org/10.4018/ijec.2015100101
- Lambert, C. (2015). Shadow Work: The Unpaid, Unseen Jobs That Fill Your Day. Catapult.
- Lee, Y., and Kozar, K. A. (2005). Investigating factors affecting the adoption of anti-spyware systems. Communications of the ACM, 48(8), 72-77. https://doi.org/10.1145/1076211.1076243
- Li, Y., Zhang, N., and Siponen, M. (2019). Keeping secure to the end: a long-term perspective to understand employees' consequence-delayed information security violation. Behaviour & Information Technology, 38(5), 435-453. https://doi.org/10.1080/0144929X.2018.1539519
- Lowry, P. B., Twyman, N. W., Pickard, M., and Jenkins, J. L. (2014). Proposing the affect-trust infusion model (ATIM) to explain and predict the influence of high and low affect infusion on web vendor trust. Information & Management, 51(5), 579-594. https://doi.org/10.1016/j.im.2014.03.005
- Martin, J., Knopoff, K., and Beckman, C. (1998). An alternative to bureaucratic impersonality and emotional labor: bounded emotionality at the body shop. Administrative Science Quarterly, 43(2), 429-469. https://doi.org/10.2307/2393858
- Merdenyan, B., and Petrie, H. (2022). Two studies of the perceptions of risk, benefits and likelihood of undertaking password management behaviours. Behaviour & Information Technology, Article in Advance.
- Mittal, V., and Ross W. T. (1998). The impact of positive and negative affect and issue framing on issue interpretation and risk taking. Organizational Behavior and Human Decision Processes, 76(3), 298-324. https://doi.org/10.1006/obhd.1998.2808
- Oreg, S., Bartunek, J. M., Lee, G., and Do, B. (2018). An affect-based model of recipients' responses to organizational change events. Academy of Management Review, 43(1), 65-86. https://doi.org/10.5465/amr.2014.0335
- Oreg, S., Vakola, M., and Armenakis, A. (2011). Change recipients' reactions to organizational change: A 60-year review of quantitative studies. The Journal of Applied Behavioral Science, 47(4), 461-524. https://doi.org/10.1177/0021886310396550
- Park, J., and Oh, C. G. (2016). Cognitive bias and information security research: Research trends and opportunities. Asia Pacific Journal of Information Systems, 26(2), 290-298. https://doi.org/10.14329/apjis.2016.26.2.290
- Renaud, K., Zimmermann, V., Schurmann, T., and Bohm, C. (2021). Exploring cybersecurity-related emotions and finding that they are challenging to measure. Humanities and Social Sciences Communications, 8(1), 1-17. https://doi.org/10.1057/s41599-021-00746-5
- Schaubroeck, J., and Jones, J. R. (2000). Antecedents of workplace emotional labor dimensions and moderators of their effects on physical symptoms. Journal of Organizational Behavior: The International Journal of Industrial, Occupational and Organizational Psychology and Behavior, 21(2), 163-183. https://doi.org/10.1002/(SICI)1099-1379 (200003)21:2<163::AID-JOB37>3.0.CO;2-L
- Seo, M. G., Barrett, L. F., and Bartunek, J. M. (2004). The role of affective experience in work motivation. Academy of Management Review, 29(3), 423-439. https://doi.org/10.2307/20159052
- Shen, J., Barbera, J., and Shapiro, C. M. (2006). Distinguishing sleepiness and fatigue: Focus on definition and measurement. Sleep Medicine Reviews, 10(1), 63-76. https://doi.org/10.1016/j.smrv.2005.05.004
- Slovic, P., Finucane, M. L., Peters, E., and MacGregor, D. G. (2004). Risk as analysis and risk as feelings: Some thoughts about affect, reason, risk, and rationality. Risk Analysis, 24(2), pp. 311-322. https://doi.org/10.1111/j.0272-4332.2004.00433.x
- Stanton, B., Theofanos, M. F., Prettyman, S. S., and Furman, S. (2016). Security fatigue. IT Professional, 18(5), 26-32. https://doi.org/10.1109/MITP.2016.84
- Stobert, E., and Biddle, R. (2014). The password life cycle: User behaviour in managing passwords. In Paper presented at the 10th symposium on usable privacy and security (SOUPS 2014).
- Tam, L., Glassman, M., and Vandenwauver, M. (2010). The psychology of password management: A tradeoff between security and convenience. Behaviour & Information Technology, 29(3), 233-244. https://doi.org/10.1080/01449290903121386
- Urbach, N., and Ahlemann, F. (2010). Structural equation modeling in information systems research using partial least squares. Journal of Information Technology Theory and Application, 11(2), 5-40.
- Venkatesh, V., Morris, M. G., Davis, G. B., and Davis, F. D. (2003). User acceptance of information technology: Toward a unified view. MIS Quarterly, 27(3), 425-478. https://doi.org/10.2307/30036540
- Wei, M., Golla, M., and Ur, B. (2018). The password doesn't fall far: How service influences password choice. Who Are You, 87, 108-112.
- Weiss, H. M., Nicholas, J., and Daus, C. (1993). Affective and Cognitive Influences on Job Satisfaction. San Francisco, CA: Society of Industrial and Organizational Psychology.
- Weiss, H. M., and Cropanzano, R. (1996). Affective events theory: A theoretical discussion of the structure, causes and consequences of affective experiences at Work. In B. M. Staw, & L. L. Cummings (Eds.), Research in Organizational Behavior: an Annual Series of Analytical Essays and Critical Reviews (pp. 1-74). Greenwich, CT: JAI Press.
- Weiss, H. M., Nicholas, J. P., and Daus, C. S. (1999). An examination of the joint effects of affective experiences and job beliefs on job satisfaction and variations in affective experiences over time. Organizational Behavior and Human Decision Processes, 78(1), 1-24. https://doi.org/10.1006/obhd.1999.2824
- Wetzels, M., Odekerken-Schroder, G., and van Oppen, C. (2009). Using PLS path modeling for assessing hierarchical construct models: Guidelines and empirical illustration. MIS Quarterly, 33(1), 177-195. https://doi.org/10.2307/20650284
- Woods, N., and Siponen, M., (2019). Improving password memorability, while not inconveniencing the user. International Journal of Human-Computer Studies, 128(6), 61-71. https://doi.org/10.1016/j.ijhcs.2019.02.003
- Yildirim, M, and Mackie, I. (2019). Encouraging users to improve password security and memorability. International Journal of Information Security, 18(6), 741-759. https://doi.org/10.1007/s10207-019-00429-y
- Zhang, P. (2013). The affective response model: a theoretical framework of affective concepts and their relationships in the ICT context. MIS Quarterly, 37(1), 247-274. https://doi.org/10.25300/MISQ/2013/37.1.11
- Zimmermann, V., and Gerber, N. (2020), The password is dead, long live the password: A laboratory study on user perceptions of authentication schemes. International Journal of Human-Computer Studies, 133(January), 26-44. https://doi.org/10.1016/j.ijhcs.2019.08.006
- Zviran, M., and Haga, W. J. (1999). Password security: An empirical study. Journal of Management Information Systems, 15(4), 161-185. https://doi.org/10.1080/07421222.1999.11518226