Document Type
Conference Proceeding
Publication Title
Proceedings of the 52nd Hawaii International Conference on System Sciences
Volume
2019-January
First Page
5618
Last Page
5627
Publisher
Hawaii International Conference on System Sciences
School
School of Science
RAS ID
45052
Abstract
Despite an abundance of policies being directed towards them, users often struggle to follow good cybersecurity practice. Recognizing that such behaviors do not come naturally, a logical approach is to ensure that users are guided and supported in knowing what to do and how to do it. Unfortunately, such support is often lacking. The paper uses the example of password authentication as a specific context in which cybersecurity behavior is frequently criticized, but where users are often left to manage without sufficient support (as evidenced by examining the lack of related guidance and enforcement of good practice on leading websites). The discussion then proceeds to look at the effect of actively supporting the user, drawing upon the results from two experimental studies (one looking at the practical impact of guidance and feedback upon users' password choices, and the other examining the effect of gamifying the password selection experience). The results collectively show that such efforts can have tangible positive effects upon user behaviors. While the specific findings are focused upon passwords, similar principles could also be applied to other aspects of user-facing security.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Comments
Furnell, S. M., Alotaibi, F., & Esmael, R. (2019). Aligning security practice with policy: Guiding and nudging towards better behavior. In Proceedings of the 52nd Hawaii International Conference on Systems Sciences (pp. 5618-5627). https://aisel.aisnet.org/hicss-52/