Can Individuals’ Neutralization Techniques Be Overcome? : A Field Experiment on Password Policy
Siponen, M., Puhakainen, P., & Vance, A. (2020). Can Individuals’ Neutralization Techniques Be Overcome? : A Field Experiment on Password Policy. Computers and Security, 88, Article 101617. https://doi.org/10.1016/j.cose.2019.101617
Published inComputers and Security
© 2019 Elsevier Ltd.
Individuals’ lack of adherence to password security policy is a persistent problem for organizations. This problem is especially worrisome because passwords remain the primary authentication mechanism for information systems, and the number of passwords has been increasing. For these reasons, determining methods to improve individuals’ adherence to password-security policies constitutes an important issue for organizations. Extant research has shown that individuals use neutralization techniques, i.e., types of rationalizations, to disregard organizational information-security policies. What has not been determined from extant information security research is whether these neutralizations can be changed through educational training interventions. We argue that training based on principles of cognitive dissonance theory is a promising method for reducing individuals’ use of neutralization techniques. We contribute by showing empirically that training based on cognitive dissonance theory can reduce the use of neutralization techniques when such training is designed to counter such techniques. Using a quasi-experimental design at an organization, individuals received training on neutralization techniques in the context of password security. Using a quasi-experimental design, we found that individuals who received our training treatment exhibited substantially less intent to use neutralization techniques and were significantly more likely to use secure passwords. Additionally, a follow-up measurement three weeks after the training session showed that the experimental treatment retained its effectiveness, i.e., the experimental group exhibited substantially less intent to use neutralization techniques and a greater likelihood of using strong passwords in the future. Additionally, intent was significantly greater in the experimental group. Implications for practice and future research are discussed. ...
PublisherElsevier Advanced Technology
Publication in research information system
MetadataShow full item record
Additional information about fundingThe Finnish Funding Agency for Innovation (Business Finland) and several companies funded this study.
Showing items with similar title or keywords.
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...
Woods, Naomi; Siponen, Mikko (Academic Press, 2018)Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such ...
Wu, Shan (2016)This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ...
Karjalainen, Mari; Siponen, Mikko; Sarker, Suprateek (Elsevier, 2020)Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain ...
Paananen, Hanna; Lapke, Michael; Siponen, Mikko (Elsevier Advanced Technology, 2020)Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ...