Search results

This paper aims to study the influence of emotions on security behaviour by reviewing Information Systems Security (ISS) topics in Information Systems (IS) literature. Researchers in ISS study how to motivate people to adhere to security policies; they mainly focus on cognitive models such as the technology acceptance model (Davis, 1985), innovation diffusion theory (Brancheau and Wetherbe, 1990), theory of planned behaviour (Mathieson, 1991) and social cognitive theory (Compeau and Higgins, 1995). Applying positive emotions such as joy and interest is feasible by adding emoticons and positive messages; we use this approach to improve password choosing.

We apply differential emotional theory (Izard 2002) from psychology to the context of ISS. Twenty-two participants took part in an experiment with the task of choosing strong but memorable passphrases. The dependent variable is the strength of the chosen passphrase. The task for the user is to come up with a passphrase that is both strong and memorable. We choose a between-subject design. The independent variable is the emotional interface that the user is confronted with.

We found that 5.35 words was the mean when participants were shown positive smiley faces and messages. When exposed to negative emoticons, the mean was only 4.35 words. Through ANOVA, we find the differences to be statistically significant (F1; 20 = 3.16; p < 0.1). We derive from the experiment that positive emotions should be used in ISS when making users start a habit (e.g. developing a new, individual password strategy), and we conclude from our literature review that negative emotions should be used when reinforcing a habit (e.g. taking care of shoulder surfing).

We contribute to practice by developing a user script that can be installed in all established Internet browsers. The script supports the user to choose a good passphrase strategy when registering for a new service. We find that trainings should not rely on facts only but must make use of emotions, which are crucial for human motivation.

This study attempts to develop an efficient concept to mitigate the risks of social engineering in the era of social networks. For instance friend requests on Facebook are often accepted blindly, thus granting unknown people access to profile details. These problems fuel requirements for an application, developed in this study, that raises awareness of security issues in Facebook.

The “Theory of Planned Behaviour” (TPB), a model from psychology to predict behaviour, is used as a theoretical foundation for the application. Attitudes, perceived behavioural control and social norms are the main variables of this model. Social norms can be massively affected by the Facebook friends and therefore an application is developed which uses this in order to raise awareness.

The application propagated itself virally. Out of 117 users of the application, 15 took action to change the public‐search option visibility from public to private. The use of the application took on average 10.5 minutes.

Applications that scan a Facebook profile for fishy content already exist. However, at the time of writing this paper, no application specifically written against social engineering was known to the author.