Can relaxing security policy restrictiveness improve user behavior? A field study of authentication credential usage

Jeffry Babb, Mark Keith, Paul Steinbart

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Often, security policies take an overly proscriptive approach designed to shape »secure» behavior in the specification of constraints, controls, and impediments to free action. In the case of very detailed policies, the user may not even understand the logic behind the behavior. This research poses a simple premise: if a desired state of system security can be achieved with a policy that affords the user a range of behavioral options, would the user be more likely to comply with the policy? We present findings from a field experiment in the context of password selection where secure behavior was enhanced by relaxing proscription (and prescription) by allowing universal cues in additional feedback tools to take precedence over explicit behavioral requirements. This is in keeping with aspects of Activity Theory which proposes that familiar tools influence actor-structure interactions that lead to desired outcomes.

Original languageEnglish (US)
Title of host publicationProceedings of the 49th Annual Hawaii International Conference on System Sciences, HICSS 2016
PublisherIEEE Computer Society
Pages4803-4812
Number of pages10
Volume2016-March
ISBN (Electronic)9780769556703
DOIs
StatePublished - Mar 7 2016
Event49th Annual Hawaii International Conference on System Sciences, HICSS 2016 - Koloa, United States
Duration: Jan 5 2016Jan 8 2016

Other

Other49th Annual Hawaii International Conference on System Sciences, HICSS 2016
CountryUnited States
CityKoloa
Period1/5/161/8/16

Keywords

  • Activity theory
  • Information security
  • Password strength
  • Security policy

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint Dive into the research topics of 'Can relaxing security policy restrictiveness improve user behavior? A field study of authentication credential usage'. Together they form a unique fingerprint.

Cite this