Description
Digital technologies are transforming our lives at a speed that no other milestone invention has done before. With the internet many of our everyday tasks have become more convenient, as working, shopping, communication, and the like, all take place online. We can access Facebook, Google Drive, our LinkedIn profile and favourite streaming platforms, online banking, and plenty more from anywhere in the world. All that is possible as our data is stored online, and we access it through our accounts. Naturally, just as we would protect the valuables in our home, we must also guard our sensitive (digital) data. The weakest link in security are unfortunately us humans. Hackers gain more and more knowledge about human behaviour (van Bavel et al., 2019). We need to socially engineer people to act better (Moustafa et al., 2021). People are part of the solution and not necessarily only the problem (Zimmermann & Renaud, 2019).
Hacking attacks pose one of the most common threats online. While strong passwords effectively protect online accounts from such attacks, users often resort to weak passwords due to the burden of remembering secure passwords. While password managers can solve this problem, adoption rates are still strikingly low.
In this bachelor thesis project, we will conduct an experimental study to test the effectiveness of coping nudges (i.e., self-efficacy, response efficacy, response cost) based on Protection Motivation Theory in combination with personification of these messages to see if we can raise the behavioural intention to adopt a password manager and ultimately facilitate password manager adoption. Own input into the study is highly appreciated.
Research questions
Exact research questions will be determined based on student interests after discussion. Example research questions include:
1. How can we increase self-efficacy with respects to cybersecurity behaviour, in particular adopting passwords?
2. Can coping messages stimulate people into adopting password managers?
3. Will coping messages be more effective if they are tailored to people via personification?
Type of research
Most likely methods are experiments, quantitative research.
Key words
Cybercrime, social engineering, password managers, behaviour change
Literature
- Bullee, J. W., & Junger, M. (2020). How effective are social engineering interventions? A meta-analysis. Information & Computer Security, 28(5), 801-830.
- Davinson, N., & Sillence, E. (2014). Using the health belief model to explore users’ perceptions of “being safe and secure” in the world of technology mediated financial transactions. International Journal of Human Computer Studies, 72(2), 154–168. https://doi.org/10.1016/j.ijhcs.2013.10.003
- Moustafa, A. A., Bello, A., & Maurushat, A. (2021). The Role of User Behaviour in Improving Cyber Security Management. Frontiers in Psychology, 12(June), 1–9. https://doi.org/10.3389/fpsyg.2021.561011
- Kankane, S., DiRusso, C., & Buckley, C. (2018, April). Can we nudge users toward better password management? an initial study. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (pp. 1-6).
- Menard, P., Bott, G. J., & Crossler, R. E. (2017a). User motivations in protecting information security: Protection motivation theory versus Self-Determination theory. Journal of Management Information Systems, 34(4), 1203–1230.
- Pearman, S., Zhang, S. A., Bauer, L., Christin, N., & Cranor, L. F. (2019). Why people (don't) use password managers effectively. Proceedings of the Fifteenth USENIX Conference on Usable Privacy and Security (SOUPS'19). 319–338. http://doi.org/10.5555/3361476.3361500
- van Bavel, R., Rodríguez-Priego, N., Vila, J., & Briggs, P. (2019). Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human Computer Studies, 123(September 2018), 29–39. https://doi.org/10.1016/j.ijhcs.2018.11.003
- Zimmermann, V., & Renaud, K. (2019). Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. International Journal of Human Computer Studies, 131(April), 169–187. https://doi.org/10.1016/j.ijhcs.2019.05.005
Information
This project is open to 2 students.
Are you interested in this topic for your thesis? Please contact the theme coordinator Lynn Weiher: l.weiher@utwente.nl
.