Abstract

Passwords have long been the preferred method of user authentication, yet poor password practices cause security issues. The study described in this paper investigates how user perceptions of passwords and security threats affect intended compliance with guidelines and explores how these perceptions might be altered in order to improve compliance. It tests a research model based on protection motivation theory [24]. Two groups of internet users were surveyed, one of which received password security information and an exercise to reinforce it. This study suggests effective ways that trainers or employers can improve compliance with password guidelines. In particular, training programs should aim to enhance IS security coping appraisal. The research model proposed in this study has also been shown to be a useful model for explaining IS security behavioral intentions.