Scaring people is not enough: an examination of fear appeals within the context of promoting good password hygiene

Marc Dupuis, Anna Jennings, Karen Renaud

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

1 Downloads (Pure)

Abstract

Fear appeals have been used for thousands of years to scare people into engaging in a specific behavior or omitting an existing one. From religion, public health campaigns, political ads, and most recently, cybersecurity, fear appeals are believed to be effective tools. However, this assumption is often grounded in intuition rather than evidence. We know little about the specific contexts within which fear appeals may or may not work. In this study, we begin to examine various components of a fear appeal within the context of password hygiene. A large-scale randomized controlled experiment was conducted with one control and three treatment groups: (1) fear only; (2) measures needed and the efficacy of such measures, and (3) fear combined with measures needed and the efficacy of such measures. The results suggest that the most effective way to employ a fear appeal within the cybersecurity domain is by ensuring that fear is not used on its own. Instead, it is important that information on the measures needed to address the threat and the efficacy of such measures is used in combination with information about the nature of the threat. Since many individuals that enter the information technology profession become the de facto security person, it is important for information technology education programs to distill in students the inadequacy of fear, on its own, in motivating secure actions.
Original languageEnglish
Title of host publicationSIGITE '21: Proceedings of the 22st Annual Conference on Information Technology Education
Place of PublicationNew York
Pages35-40
Number of pages6
ISBN (Electronic)9781450383554
DOIs
Publication statusPublished - 9 Oct 2021
Event22nd Annual Conference on IT Education - Brigham Young University and Utah Valley University, Snowbird, Utah, United States
Duration: 6 Oct 20219 Oct 2021
https://www.sigite.org/?p=1117

Publication series

NameSIGITE 2021 - Proceedings of the 22nd Annual Conference on Information Technology Education

Conference

Conference22nd Annual Conference on IT Education
Abbreviated titleSIGITE 2021
Country/TerritoryUnited States
CitySnowbird, Utah
Period6/10/219/10/21
Internet address

Keywords

  • security
  • privacy
  • passwords
  • fear appeals
  • best password practices

Fingerprint

Dive into the research topics of 'Scaring people is not enough: an examination of fear appeals within the context of promoting good password hygiene'. Together they form a unique fingerprint.

Cite this