Examining the continuance of secure behavior: A longitudinal field study of mobile device authentication

Paul Steinbart, Mark J. Keith, Jeffry Babb

Research output: Contribution to journalArticle

24 Scopus citations

Abstract

It is not enough to get information technology (IT) users to adopt a secure behavior. They must also continue to behave securely. Positive outcomes of secure behavior may encourage the continuance of that behavior, whereas negative outcomes may lead users to adopt less-secure behaviors. For example, in the context of authentication, login success rates may determine whether users continue to use a strong credential or switch to less secure behaviors (e.g., storing a credential or changing to a weaker, albeit easier to successfully enter, credential). Authentication is a particularly interesting security behavior for information systems researchers to study because it is affected by an IT artifact (the design of the user interface). Laptops and desktop computers use full-size physical keyboards. However, users are increasingly adopting mobile devices, which provide either miniature physical keypads or touchscreens for entering authentication credentials. The difference in interface design affects the ease of correctly entering authentication credentials. Thus, the move to use of mobile devices to access systems provides an opportunity to study the effects of the user interface on authentication behaviors. We extend existing process models of secure behaviors to explain what influences their (dis)continuance. We conduct a longitudinal field experiment to test our predictions and find that the user interface does affect login success rates. In turn, poor performance (login failures) leads to discontinuance of a secure behavior and the adoption of less-secure behaviors. In summary, we find that a process model reveals important insights about how the IT artifact leads people to (dis)continue secure behaviors.

Original languageEnglish (US)
Pages (from-to)219-239
Number of pages21
JournalInformation Systems Research
Volume27
Issue number2
DOIs
StatePublished - Jun 1 2016

Keywords

  • Authentication
  • Continuance of security behavior
  • Field experiment
  • Longitudinal research
  • Mobile computing
  • Passphrase
  • Password
  • Security behaviors
  • Smartphone
  • Usability
  • User interface

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management
  • Library and Information Sciences

Fingerprint Dive into the research topics of 'Examining the continuance of secure behavior: A longitudinal field study of mobile device authentication'. Together they form a unique fingerprint.

  • Cite this