Help
Cart
Skip main navigation

Available Issues

December 4, 2012 - March 5, 2026

Available Issues

December 4, 2012 - March 5, 2026

Characterizing Conflicting User Values for Cyber Authentication Using a Virtual Public Values Forum

Published Online:15 Aug 2019https://doi.org/10.1287/deca.2018.0383

References

  • Adams A, Sasse MA (1999) Users are not the enemy. Comm. ACM. 42(12):40–46.CrossrefGoogle Scholar
  • Baron J, Spranca M (1997) Protected values. Organ. Behav. Human Decision Process 70(1):1–16.CrossrefGoogle Scholar
  • Barra RA, McLeod A, Savage A, Simkin MG (2010) Passwords: Do user preferences and website protocols differ from theory? J. Inform. Privacy Sect. 6(4):50–69.CrossrefGoogle Scholar
  • Beautement A, Sasse M, Wonham M (2009) The compliance budget: Managing security behaviour in organisations. Proc. 2008 Workshop New Sect. Paradigms (Association for Computing Machinery, New York), 47–58.Google Scholar
  • Bonneau J, Herley C, van Oorschot PC (2015) Passwords and the evolution of imperfect authentication. Comm. ACM. 58(7):78–87.CrossrefGoogle Scholar
  • Buhrmester M, Kwang T, Gosling SD (2011) Amazon’s Mechanical Turk a new source of inexpensive, yet high-quality, data? Perspect. Psych. Sci. 6(1):3–5.CrossrefGoogle Scholar
  • Campbell J, Kleeman D, Ma W (2007) The good and not so good of enforcing password composition rules. Inform. Systems Sect. 16(1):2–8.Google Scholar
  • Clarke N, Furnell S (2005) Authentication of users on mobile telephones: A survey of attitudes and practices. Comput. Sect. 24(7):519–527.CrossrefGoogle Scholar
  • Creese S, Hodges D, Jamison-Powell S, Whitty M (2013) Relationships between password choices, perceptions of risk and security expertise. Marinos L & Askoxylakis I, eds. Human Aspects of Information Security, Privacy, and Trust (Springer, Berlin), 80–89.CrossrefGoogle Scholar
  • de Bruijn H, Janssen M (2017) Building cybersecurity awareness: The need for evidence-based framing strategies. Government Inform. Quart. 34(1):1–7.CrossrefGoogle Scholar
  • Doyle JR (2012) Survey of time preference, delay discounting models. Judgement Decision Making 8(2):116–135.Google Scholar
  • Eisenführ F, Weber M, Langer T (2010) Rational Decision Making (Springer, Berlin).CrossrefGoogle Scholar
  • Florencio D, Herley C (2007) A large-scale study of web password habits. Proc. 16th Internat. Conf. World Wide Web (Association for Computing Machinery, New York), 657–666.Google Scholar
  • Florencio D, Herley C, Van Oorschot PC (2014) An administrator’s guide to Internet password research. Proc. 28th Large Installation Systems Admin. Conf. (USENIX Association, Berkeley, CA), 44–61.Google Scholar
  • Gregory R, Keeney RL (1994) Creating policy alternatives using stakeholder values. Management Sci. 40(8):1035–1048.LinkGoogle Scholar
  • Helkala K (2011) Password education based on guidelines tailored to different password categories. J. Comput. 6(5):969–975.CrossrefGoogle Scholar
  • Herath T, Rao HR (2009) Protection motivation and deterrence: A framework for security policy compliance in organisations. Eur. J. Inform. Systems 18(2):106–125.CrossrefGoogle Scholar
  • Herley C (2009) So long, and no thanks for the externalities: The rational rejection of security advice by users. Proc. 2009 Workshop New Sect. Paradigms Workshop (Association for Computing Machinery, New York), 133–144.Google Scholar
  • Hu LT, Bentler PM (1999) Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria vs. new alternatives. Structural Equation Model: Multidisciplinary J. 6(1):1–55.CrossrefGoogle Scholar
  • Inglesant PG, Sasse MA (2010) The true cost of unusable password policies: Password use in the wild. Proc. SIGCHI Conf. Human Factors Comput. Systems (Association for Computing Machinery, New York), 383–392.Google Scholar
  • Jakobsson M, Myers S (2006) Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft (John Wiley & Sons, New York).CrossrefGoogle Scholar
  • Jakobsson M, Yang L, Wetzel S (2008) Quantifying the security of preference-based authentication. Proc. 4th ACM Workshop Digital Identity Management (Association for Computing Machinery, New York), 61–70.Google Scholar
  • Johnston AC, Warkentin M (2010) Fear appeals and information security behaviors: An empirical study. MIS Quart. 34(3):549–566.CrossrefGoogle Scholar
  • Kaspersky Laboratory USA (2018) Small business IT security (July 2018). Accessed July 2, 2018, https://usa.kaspersky.com/small-business-security.Google Scholar
  • Keeney RL (1992) Value Focused Thinking (Harvard University Press, Cambridge, MA).Google Scholar
  • Keeney RL (2007) Developing objectives and attributes. Edwards W, Miles RF, von Winterfeldt D, eds. Advances in Decision Analysis: From Foundation to Applications (Cambridge University Press, New York), 104–128CrossrefGoogle Scholar
  • Keeney RL (2013) Identifying, prioritizing, and using multiple objectives. EURO J. Decision Processes 1(1/2):45–67.CrossrefGoogle Scholar
  • Keeney RL, Raiffa H (1976) Decision with Multiple Objectives (Cambridge University Press, Cambridge, UK).Google Scholar
  • Keeney RL, Von Winterfeldt D (2007) Practical value models. Edwards W, Miles RF, von Winterfeldt D, eds. Advances in Decision Analysis: From Foundation to Applications (Cambridge University Press, New York), 232–252.CrossrefGoogle Scholar
  • Keeney RL, Von Winterfeldt D, Eppel T (1990) Eliciting public values for complex policy decisions. Management Sci. 36(9):1011–1030.LinkGoogle Scholar
  • Keller LR, Kirkwood CW, Jones NS (2010) Assessing stakeholder evaluation concerns: An application to the Central Arizona water resources system. Systems Engrg. 13(1):58–71.Google Scholar
  • Klein D (1990) Foiling the cracker: A survey of, and improvements to, password security. Proc. 2nd USENIX Sect. Workshop (USENIX Association, Berkeley, CA), 5–14.Google Scholar
  • Maddux JE, Rogers RW (1983) Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. J. Experiment. Soc. Psych. 19(5):469–479.CrossrefGoogle Scholar
  • Mwagwabi F, McGill T, Dixon M (2014) Improving compliance with password guidelines: How user perceptions of passwords and security threats affect compliance with guidelines. Sprague RH, ed. Proc. 47th Hawaii Internat. Conf. System Sci. (Institute of Electrical and Electronics Engineers, Piscataway, NJ), 3188–3197.Google Scholar
  • Mwagwabi FM (2015) A Protection Motivation Theory approach to improving compliance with password guidelines. Unpublished doctoral dissertation, Murdoch University, Perth, Australia.Google Scholar
  • Notoatmodjo G (2007) Exploring the ‘weakest link’: A study of personal password security. Unpublished doctoral dissertation, The University of Auckland, Auckland, New Zealand.Google Scholar
  • Paolacci G, Chandler J, Ipeirotis PG (2010) Running experiments on Amazon Mechanical Turk. Judgment Decision Making 5(5):411–419.CrossrefGoogle Scholar
  • Riley S (2006) Password security: What users know and what they actually do. Usability News 8(1):2833–2836.Google Scholar
  • Rogers RW (1975) A protection motivation theory of fear appeals and attitude change. J. Psych. 91(1):93–114.CrossrefGoogle Scholar
  • Sasse MA, Brostoff S, Weirich D (2001) Transforming the ‘weakest link’—a human/computer interaction approach to usable and effective security. BT Tech. J. 19(3):122–131.CrossrefGoogle Scholar
  • Sheehan KB (2017) Crowdsourcing research: Data collection with Amazon’s Mechanical Turk. Comm. Monographs 85(1):140–156.CrossrefGoogle Scholar
  • Tam L, Glassman M, Vandenwauver M (2010) The psychology of password management: A trade-off between security and convenience. Behav. Inform. Tech. 29(3):233–244.CrossrefGoogle Scholar
  • The Guardian (2010) Too many passwords to remember. (September 30), https://www.theguardian.com/technology/askjack/2010/sep/30/password-management-internet.Google Scholar
  • Ur B, Noma F, Bees J, Segreti SM, Shay R, Bauer L, Christin N, Cranor LF (2015) “I added '!' at the end to make it secure”: Observing password creation in the laboratory. Proc. 11th Sympos. Usable Privacy Sect. (SOUPS 2015) (USENIX Association, Berkeley, CA), 123–140.Google Scholar
  • Von Winterfeldt D, Edwards W (1986) Decision Analysis and Behavioral Research (Cambridge University Press, New York).Google Scholar
  • Vu KPL, Proctor RW, Bhargav-Spantzel A, Tai BLB, Cook J, Schultz EE (2007) Improving password security and memorability to protect personal and organizational information. Internat. J. Human Comput Stud. 65(8):744–757.CrossrefGoogle Scholar
  • Wales, M (2017) How secure is my password? Accessed November 30, 2017, https://howsecureismypassword.net.Google Scholar
  • Woon I, Tan GW, Low R (2005) A protection motivation theory approach to home wireless security. Proc. ICIS 2005 (Association for Information Systems, Atlanta), 367–380.Google Scholar
  • Workman M, Bommer WH, Straub D (2008) Security lapses and the omission of information security measures: A threat control model and empirical test. Comput. Human Behav. 24(6):2799–2816.CrossrefGoogle Scholar
  • Zviran M, Haga WJ (1999) Password security: An empirical study. J. Management Inform. Systems 15(4):161–185.CrossrefGoogle Scholar
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree