Browse > Article
http://dx.doi.org/10.9716/KITS.2017.16.3.147

Online Users' Password Security Behavior : The Effects of Fear Appeals and Message Framing, and Mechanism of Password Security Behavior  

Park, Jaeyoung (연세대학교 정보대학원)
Kim, Jeondo (연세대학교 정보대학원)
Kim, Beomsoo (연세대학교 정보대학원)
Publication Information
Journal of Information Technology Services / v.16, no.3, 2017 , pp. 147-165 More about this Journal
Abstract
Recently, there have been numerous issues about password breaches and it is becoming important for the users to manage their passwords. In practice, the online service provider are asking the online users to change their passwords periodically. However, majority of the users are not changing their passwords regularly, and this can increase the risk of password breach. The purpose of this study is to investigate whether 'fear appeals' and 'message framing' enhance the behavior of changing passwords by the online users. Furthermore, we identify the mechanism on how the behavior of changing passwords is enabled using protection motivation theory. The results of an online experiment show that the online users who are exposed to 'fear appeals' perceived a more vulnerability and severity of password breaches, which in turn, increased the intention of changing their password. In addition, we found that perceived severity of password breaches affect fear positively. Moreover, we found that fear has significant impact on the willingness of changing passwords. Finally, Message framing plays a moderating role between fear and change intentions. That is, in a situation where 'fear appeal' is presented, it means that 'gain framing' is more effective than 'loss framing' These findings suggest that the online service providers may need to use 'fear appeals' to the online users. Security managers can address issues related to the password breaches by carefully designing 'fear appeals'.
Keywords
Fear Appeals; Message Framing; Password; Password Breach; Password Security Behavior; Protection Motivation Theory; Warning Message;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Workman, M., W.H. Bommer, and D. Straub, "The Amplification Effects of Procedural Justice on a Threat Control Model of Information Systems Security Behaviours", Behaviour and Information Technology, Vol.28, No.6, 2009, 563-575.   DOI
2 Zhang, L. and W. McDowell, "Am I Really at Risk? Determinants of Online Users' Intentions to Use Strong Passwords", Journal of Internet Commerce, Vol.8, No.3, 2009, 180-197.   DOI
3 Tsai, H.Y.S., M. Jiang, S. Alhabash, R. LaRose, N.J. Rifon, and S.R. Cotten, "Understanding Online Safety Behaviors : A Protection Motivation Theory Perspective", Computers and Security, Vol.59, 2016, 138-150.   DOI
4 Angst, C.M. and R. Agarwal, "Adoption of Electronic Health Records in the Presence of Privacy Concerns : The Elaboration Likelihood Model and Individual Persuasion", MIS Quarterly, Vol.33, No.2, 2009, 339-370.   DOI
5 Bandura, A., Self-efficacy in Changing Societies, Cambridge University Press, 1995.
6 Chen, Y. and F.M. Zahedi, "Individuals' Internet Security Perceptions and Behaviors : Polycontextual Contrasts between the United States and China", MIS Quarterly, Vol.40, No.1, 2016, 205-222.   DOI
7 Boss, S.R., D.F. Galletta, P.B. Lowry, G.D. Moody, and P. Polak, "What Do Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors", MIS Quarterly, Vol.39, No.4, 2015, 837-864.   DOI
8 Easterling, D.V. and H. Leventhal, "Contribution of Concrete Cognition to Emotion : Neutral Symptoms as Elicitors of Worry about Cancer", Journal of Applied Psychology, Vol.74, No.5, 1989, 787.   DOI
9 Liang, H. and Y. Xue, "Understanding Security Behaviors in Personal Computer Usage : A Threat Avoidance Perspective", Journal of the Association for Information Systems, Vol.11, No.7, 2010, 394-413.   DOI
10 Maddux, J.E. and R.W. Rogers, "Protection Motivation and Self-efficacy : A Revised Theory of Fear Appeals and Attitude Change", Journal of Experimental Social Psychology, Vol. 19, No.5, 1983, 469-479.   DOI
11 Fishbein, M. and I. Ajzen, Belief Attitude, Intention and Behavior, Reading, MA : Addison-Wesley, 1975.
12 Gaeth, G.J., I.P. Levin, D.A. Cours, and S. Combs, "Framing of Attribute Information in Product Description", Advances in Consumer Research, Vol.17, No.2, 1990, 531-534.
13 Ganzach, Y. and N. Karsahi, "Message Framing and Buying Behavior : A Field Experiment", Journal of Business Research, Vol.32, No.1, 1995, 11-17.   DOI
14 Gefen, D., D. Straub, and M. Boudreau, "Structural Equation Modeling and Regression :Guidelines for Research Practice", Communications of the Association for Information Systems, Vol.4, No.7, 2000, 1-77.
15 Ha, S.W. and H.J. Kim, "The Effects of User's Security Awareness on Password Security Behavior", Digital Contents Society, Vol.14, No.2, 2013, 179-189. (하상원, 김형중, "정보보안의식이 패스워드 보안행동에 미치는 영향에 관한 연구", 한국디지털콘텐츠학회논문지, 제14권, 제2호, 2013, 179-189.)   DOI
16 Park, J.P., "Users' Security Protection Through Fear Appeal : A Behavioral Economics Approach", Ph.D Thesis, Yonsei University, South Korea, 2015. (박종필, "공포소구를 통한 온라인 사용자들의 보안 강화 : 행동경제학적 접근으로", 박사학위논문, 연세대학교, 2015.)
17 Meyerowitz, B.E. and S. Chaiken, "The Effect of Message Framing on Breast Self-examination Attitudes, Intentions, and Behavior", Journal of Personality and Social Psychology, Vol.52, No.3, 1987, 500-510.   DOI
18 Mwagwabi, F., T. McGill, and M. Dixon, "Improving Compliance with Password Guidelines : How User Perceptions of Passwords and Security Threats Affect Compliance with Guidelines", System Sciences(HICSS), 2014 47th Hawaii International Conference on, 2014.
19 Ortony, A. and T.J. Turner, "What's Basic about Basic Emotions?", Psychological Review, Vol.97, No.3, 1990, 315-331.   DOI
20 Rogers, R.W., "A Protection Motivation Theory of Fear Appeals and Attitude Change 1", The Journal of Psychology, Vol.91, No.1, 1975, 93-114.   DOI
21 Rogers, R.W., "Cognitive and Physiological Processes in Fear Appeals and Attitude Change : A Revised Theory of Protection Motivation", Social Psychophysiology, 1983, 153-176.
22 Shropshire, J.D., M. Warkentin, and A.C. Johnston, "Impact of Negative Message Framing on Security Adoption", Journal of Computer Information Systems, Vol.51, No.1, 2010, 41-51.
23 Jeon, J.O., Q. Le, and H.H. Park, "The Influence of Scarcity Message Type and Message Framing on Impulse Buying Effect in Online Pice Discount Advertising : Focusing on the Moderating Effect of Need for Cognitive Closure", The Korean Journal of Consumer and Advertising Psychology, Vol.14, No.4, 2013, 549-574. (전중옥, 이 금, 박현희, "희소성 메시지 유형과 메시지 프레이밍에 따른 온라인 광고의 충동구매 효과", 한국심리학회지 : 소비자․광고, 제14권, 제4호, 2013, 549-574.)   DOI
24 Hanus, B. and Y.A. Wu, "Impact of Users Security Awareness on Desktop Security Behavior : A Protection Motivation Theory Perspective", Information Systems Management, Vol.33, No.1, 2016, 2-16.   DOI
25 Henseler, J., C.M. Ringle, and R.R. Sinkovics, "The Use of Partial Least Squares Path Modeling in International Marketing", In New Challenges to International Marketing, Emerald Group Publishing Limited, 2009, 277-319.
26 Homer, P.M. and S.G. Yoon, "Message Framing and the Interrelationships among Ad-based Feelings, Affect, and Cognition", Journal of Advertising, Vol.21, No.1, 1992, 19-33.   DOI
27 Lee, J.R., "A Study on the Effect of Persuasion on Attitude and Framing", Korean Journal of Social Science, Vol.28, No.2, 2006, 125-144. (이재록, "태도와 프레이밍 및 설득과의 관계에 관한 연구", 한국사회과학연구, 제28권, 제2호, 2006, 125-144.)
28 Johnston, A.C. and M. Warkentin, "Fear Appeals and Information Security Behaviors : An Empirical Study", MIS Quarterly, Vol.34, No.3, 2010, 549-566.   DOI
29 KISA, "A Survey on the Use of Digital Signatures by the Public in 2015", 2015. (한국인터넷진흥원, "2015년 대국민 전자서명 이용 실태 조사", 2015.)
30 Kurila, J., L. Lazuras, and P.H. Ketikidis, "Message Framing and Acceptance of Branchless Banking Technology", Electronic Commerce Research and Applications, Vol.17, 2016, 12-18.   DOI
31 Lee, Y., "Understanding Anti-plagiarism Software Adoption : An Extended Protection Motivation Theory Perspective", Decision Support Systems, Vol.50, No.2, 2011, 361-369.   DOI
32 Witte, K., G. Meyer, and D. Martell, "Effective Health Risk Messages : A Step-by-Step Guide", Sage Publications, 2001.
33 Vance, A., D. Eargle, K. Ouimet, and D. Straub, "Enhancing Password Security Through Interactive Fear Appeals : A Web-based Field Experiment", 2013 46th Hawaii International Conference on System Sciences, 2988-2997.
34 Witte, K., "Predicting Risk Behaviors : Development and Validation of a Diagnostic Scale", Journal of Health Communication, Vol.1, 1996, 317-341.   DOI
35 Witte, K., "Putting the Fear Back into Fear Appeals : The Extended Parallel Process Model", Communications Monographs, Vol.59, No.4, 1992, 329-349.   DOI
36 Woon, I., G.W. Tan, and R. Low, "A Protection Motivation Theory Approach to Home Wireless Security", International Conference on Information on Systems, 2005, 367-390.