Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - April 2, 2026

Available Issues

April 10, 2013 - April 2, 2026

Examining the Continuance of Secure Behavior: A Longitudinal Field Study of Mobile Device Authentication

Published Online:19 May 2016https://doi.org/10.1287/isre.2016.0634

References

  • Adams A, Sasse MA (1999) Users are not the enemy. Comm. ACM 42(12):40–46.CrossrefGoogle Scholar
  • Adams A, Sasse MA, Lunt P (1997) Making passwords secure and usable. Thimbleby H, O’Conaill B, Thomas PJ, eds. People and Computers XII (Springer, London), 1–19.CrossrefGoogle Scholar
  • Agarwal R, Karahanna E (2000) Time flies when you’re having fun: Cognitive absorption and beliefs about information technology usage. MIS Quart. 24(4):665–694.CrossrefGoogle Scholar
  • Anderson CL, Agarwal R (2010) Practicing safe computing: A multimedia empirical examination of home computer user security behavioral intentions. MIS Quart. 34(3):613–643.CrossrefGoogle Scholar
  • Baddeley A (1994) The magical number seven: Still magic after all these years? Psych. Rev. 101(2):353–356.CrossrefGoogle Scholar
  • Baddeley A (2012) Working memory: Theories, models, and controversies. Annual Rev. Psych. 63:1–29.CrossrefGoogle Scholar
  • Bao P, Pierce J, Whittaker S, Zhai S (2011) Smart phone use by non-mobile business users. Bylund M, Juhlin O, Fernaues Y, eds. Proc. 13th Internat. Conf. Human Comput. Interaction Mobile Devices Services (ACM, New York), 445–464.CrossrefGoogle Scholar
  • Bargh JA, Ferguson MJ (2000) Beyond behaviorism: On the automaticity of higher mental processes. Psych. Bull. 126(6):925–945.CrossrefGoogle Scholar
  • Bargh JA, Gollwitzer PM, Lee-Chai A, Barndollar K, Trötschel R (2001) The automated will: Nonconscious activation and pursuit of behavioral goals. J. Personality Soc. Psych. 81(6):1014–1027.CrossrefGoogle Scholar
  • Barn BS, Barn R, Tan J-P (2014) Young people and smart phones: An empirical study on information security. Sprague RH Jr, ed. Proc. 47th Hawaii Internat. Conf. System Sci. (HICSS) (IEEE, Los Alamitos, CA), 4504–4514.CrossrefGoogle Scholar
  • Baum K, Catalano S, Rand M (2009) National Crime Victimization Survey: Stalking Victimization in the United States–Revised NCJ 224527, Bureau of Justice Statistics Special Report, U.S. Department of Justice, Office of Justice Programs, Washington, DC. http://www.bjs.gov/content/pub/pdf/svus_rev.pdf.Google Scholar
  • Belanger F, Crossler RE (2011) Privacy in the digital age: A review of information privacy research in information systems. MIS Quart. 35(4):1017–1041.CrossrefGoogle Scholar
  • Ben-Asher N, Kirschnick N, Sieger H, Meyer J, Ben-Oved A, Möller S (2011) On the need for different security methods on mobile phones. Bylund M, Juhlin O, Fernaues Y, eds. Proc. 13th Internat. Conf. Human Comput. Interaction Mobile Devices Services (ACM, New York), 465–473.CrossrefGoogle Scholar
  • Bhattacherjee A (2001) Understanding information systems continuance: An expectation-confirmation model. MIS Quart. 25(3):351–370.CrossrefGoogle Scholar
  • Bhattacherjee A, Premkumar G (2004) Understanding changes in belief and attitude toward information technology usage: A theoretical model and longitudinal test. MIS Quart. 28(2):229–254.CrossrefGoogle Scholar
  • Bialynickibirula I, Mycielski J (1975) Uncertainty relations for information entropy in wave mechanics. Comm. Math. Phys. 44(2):129–132.CrossrefGoogle Scholar
  • Brown AS, Bracken E, Zoccoli S, Douglas K (2004) Generating and remembering passwords. Appl. Cognitive Psych. 18(6):641–651.CrossrefGoogle Scholar
  • Brown RM, Robertson EM (2007) Off-line processing: Reciprocal interactions between declarative and procedural memories. J. Neuroscience 27(39):10468–10475.CrossrefGoogle Scholar
  • Brown SA, Venkatesh V, Goyal S (2012) Expectation confirmation in technology use. Inform. Systems Res. 23(2):474–487.LinkGoogle Scholar
  • Bulgurcu B, Cavusoglu H, Benbasat I (2010) Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quart. 34(3):523–548.CrossrefGoogle Scholar
  • Carver CS, Scheier MF (1982) Control theory: A useful conceptual framework for personality–social, clinical, and health psychology. Psych. Bull. 92(1):111–135.CrossrefGoogle Scholar
  • Cenfetelli RT (2004) Inhibitors and enablers as dual factor concepts in technology usage. J. Assoc. Inform. Systems 5(11):472–492.Google Scholar
  • Chen M, Bargh JA (1999) Consequences of automatic evaluation: Immediate behavioral predispositions to approach or avoid the stimulus. Personality Soc. Psych. Bull. 25(2):215–224.CrossrefGoogle Scholar
  • Chin WW, Marcolin BL, Newsted PR (2003) A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Inform. Systems Res. 14(2):189–217.LinkGoogle Scholar
  • Clarke NL, Furnell SM (2005) Authentication of users on mobile telephones—A survey of attitudes and practices. Comput. Security 24(7):519–527.CrossrefGoogle Scholar
  • ConsumerReports (2014) Smart phone thefts rose to 3.1 million last year, consumer reports finds. (May 28), http://www.consumerreports.org/cro/news/2014/04/smart-phone-thefts-rose-to-3-1-million-last-year/index.htm.Google Scholar
  • Deterding S (2012) Gamification: Designing for motivation. Interactions 19(4):14–17.CrossrefGoogle Scholar
  • Dinev T, Hu Q (2007) The centrality of awareness in the formation of user behavioral intention toward protective information technologies. J. Assoc. Inform. Systems 8(7):386–408.Google Scholar
  • Ebbinghaus H (1913) Memory: A Contribution to Experimental Psychology (Teachers College, Columbia University, New York).CrossrefGoogle Scholar
  • Ericsson KA, Kintsch W (1995) Long-term working memory. Psych. Rev. 102(2):211–245.CrossrefGoogle Scholar
  • ESA—Entertainment Software Association (2013) 2013 sales, demographic and usage data: Essential facts about the computer and video game industry. http://www.theesa.com/facts/pdfs/ESA_EF_2013.pdf.Google Scholar
  • Fornell C, Bookstein FL (1982) Two structural equation models: LISREL and PLS applied to consumer exit-voice theory. J. Marketing Res. 19(4):440–452.CrossrefGoogle Scholar
  • Herath T, Rao HR (2009) Protection motivation and deterrence: A framework for security policy compliance in organisations. Eur. J. Inform. Systems 18(2):106–125.CrossrefGoogle Scholar
  • Hoffman DL, Novak TP (1996) Marketing in hypermedia computer-mediated environments: Conceptual foundations. J. Marketing 60(3):50–68.CrossrefGoogle Scholar
  • Hong S, Kim J, Lee H (2008) Antecedents of user-continuance in information systems: Toward an integrative view. J. Comput. Inform. Systems 48(3):61–73.Google Scholar
  • Hong S, Thong JY, Tam KY (2006) Understanding continued information technology usage behavior: A comparison of three models in the context of mobile Internet. Decision Support Systems 42(3):1819–1834.CrossrefGoogle Scholar
  • Huang D-L, Patrick Rau P-L, Salvendy G, Gao F, Zhou J (2011) Factors affecting perception of information security and their impacts on IT adoption and security practices. Internat. J. Human-Comput. Stud. 69(12):870–883.CrossrefGoogle Scholar
  • HuffingtonPost (2012) Jenn Gibbons returns to Chicago, completing charity trip in spite of assault. (August 14), http://www.huffingtonpost.com/2012/08/14/jenn-gibbons-returns-to-c_n_1776169.html.Google Scholar
  • Ives B, Walsh KR, Schneider H (2004) The domino effect of password reuse. Comm. ACM 47(4):75–78.CrossrefGoogle Scholar
  • Jakobsson M, Akavipat R (2012) Rethinking passwords to adapt to constrained keyboards. Proc. Mobile Security Technologies, IEEE Comput. Soc. Security Privacy Workshop, San Francisco.Google Scholar
  • Johanson M (2013) How burglars use Facebook to target vacationing homeowners. IBT (July 11), http://www.ibtimes.com/how-burglars-use-facebook-target-vacationing-homeowners-1341325.Google Scholar
  • Johansson J, Riley S (2005) Protect Your Windows Network: From Perimeter to Data (Addison-Wesley, Upper Saddle River, NJ).Google Scholar
  • Johnson K, DeLaGrange T (2012) Sans survey on mobility/BYOD security policies and practices. http://www.sans.org/reading-room/whitepapers/analyst/survey-mobility-byod-security-policies-practices-35175.Google Scholar
  • Johnston AC, Warkentin M (2010) Fear appeals and information security behaviors: An empirical study. MIS Quart. 34(3):549–566.CrossrefGoogle Scholar
  • Jones BH, Heinrichs LR (2012) Do business students practice smartphone security? J. Comput. Inform. Systems 53(2):22–30.Google Scholar
  • Karahanna E, Straub DW, Chervany NL (1999) Information technology adoption across time: A cross-sectional comparison of pre-adoption and post-adoption beliefs. MIS Quart. 23(2):183–213.CrossrefGoogle Scholar
  • Karlson AK, Brush AJ, Schechter S (2009) Can I borrow your phone?: Understanding concerns when sharing mobile phones. Greenberg S, Hudson SE, Hinckley K, Morris ME, Olsen DR Jr, eds. Proc. SIGCHI Conf. Human Factors Comput. Systems (ACM, New York), 1647–1650.CrossrefGoogle Scholar
  • Keisler A, Shadmehr R (2010) A shared resource between declarative memory and motor memory. J. Neuroscience 30(44):14817–14823.CrossrefGoogle Scholar
  • Keith MJ, Shao B, Steinbart PJ (2007) The usability of passphrases for authentication: An empirical field study. Internat. J. Human-Comput. Stud. 65(1):17–28.CrossrefGoogle Scholar
  • Keith MJ, Shao B, Steinbart PJ (2009) A behavioral analysis of passphrase design and effectiveness. J. Assoc. Inform. Systems 10(2):63–89.Google Scholar
  • Keller KL (1987) Memory factors in advertising: The effect of advertising retrieval cues on brand evaluations. J. Consumer Res. 14(3):316–333.CrossrefGoogle Scholar
  • Kim H-W, Chan HC, Chan YP (2007) A balanced thinking—Feelings model of information systems continuance. Internat. J. Human-Comput. Stud. 65(6):511–525.CrossrefGoogle Scholar
  • Lee S, Zhai S (2009) The performance of touch screen soft buttons. Greenberg S, Hudson SE, Hinckley K, Morris ME, Olsen DR Jr, eds. Proc. SIGCHI Conf. Human Factors Comput. Systems (ACM, New York), 309–318.CrossrefGoogle Scholar
  • Lee Y, Larsen KR (2009) Threat or coping appraisal: Determinants of SMB executives’ decision to adopt anti-malware software. Eur. J. Inform. Systems 18(2):177–187.CrossrefGoogle Scholar
  • Liang H, Xue Y (2009) Avoidance of information technology threats: A theoretical perspective. MIS Quart. 33(1):71–90.CrossrefGoogle Scholar
  • Liang H, Xue Y (2010) Understanding security behaviors in personal computer usage: A threat avoidance perspective. J. Assoc. Inform. Systems 11(7):394–413.Google Scholar
  • Limayem M, Hirt SG, Cheung CM (2007) How habit limits the predictive power of intention: The case of information systems continuance. MIS Quart. 31(4):705–737.CrossrefGoogle Scholar
  • MacKay B, Watters C, Duffy J (2004) Web page transformation when switching devices. Brewster S, Dunlop M, eds. Mobile Human-Computer Interaction-MobileHCI 2004, Lecture Notes Comput. Sci., Vol. 3160 (Springer-Verlag, Berlin Heidelberg), 228–239.CrossrefGoogle Scholar
  • Ortiz de Guinea A, Markus ML (2009) Why break the habit of a lifetime? Rethinking the roles of intention, habit, and emotion in continuing information technology use. MIS Quart. 33(3):433–444.CrossrefGoogle Scholar
  • Ortiz de Guinea A, Webster J (2013) An investigation of information systems use patterns: Technological events as triggers, the effect of time, and consequences for performance. MIS Quart. 37(4):1165–1188.CrossrefGoogle Scholar
  • Park YS, Han SH, Park J, Cho Y (2008) Touch key design for target selection on a mobile phone. ter Hofte H, Mulder I, eds. Proc. 10th Internat. Conf. Human Comput. Interaction Mobile Devices Services (ACM, New York), 423–426.CrossrefGoogle Scholar
  • Paul CL, Morse E, Zhang A, Choong Y-Y, Theofanos M (2011) A field study of user behavior and perceptions in smartcard authentication. Campos P, Graham N, Jorge J, Nunes N, Palanque P, Winckler M, eds. Human-Computer Interaction—Interact 2011, Lecture Notes Comput. Sci., Vol. 6949 (Springer-Verlag, Berlin Heidelberg), 1–17.CrossrefGoogle Scholar
  • Payne JW (1982) Contingent decision behavior. Psych. Bull. 92(2):382–402.CrossrefGoogle Scholar
  • Payne JW, Bettman JR, Johnson EJ (1993) The Adaptive Decision Maker (Cambridge University Press, Cambridge, UK).CrossrefGoogle Scholar
  • Posey C, Lowry PB, Roberts TL, Ellis TS (2010) Proposing the online community self-disclosure model: The case of working professionals in France and the UK who use online communities. Eur. J. Inform. Systems 19(2):181–195.CrossrefGoogle Scholar
  • Richman WL, Kiesler S, Weisband S, Drasgow F (1999) A meta-analytic study of social desirability distortion in computer-administered questionnaires, traditional questionnaires, and interviews. J. Appl. Psych. 84(5):754–775.CrossrefGoogle Scholar
  • Ringle C, Wende S, Will A (2014) Smartpls 3.0. http://www.smartpls.de.Google Scholar
  • Rogers RW (1975) A protection motivation theory of fear appeals and attitude change. J. Psych. 91(1):93–114.CrossrefGoogle Scholar
  • Rydell RJ, Mackie DM, Maitner AT, Claypool HM, Ryan MJ, Smith ER (2008) Arousal, processing, and risk taking: Consequences of intergroup anger. Personality Soc. Psych. Bull. 34(8):1141–1152.CrossrefGoogle Scholar
  • Schneider IE, Silverberg KE, Chavez D (2011) Geocachers: Benefits sought and environmental attitudes. Cyber J. Appl. Leisure Recreation Res. 14(1):1–11.Google Scholar
  • Sears A, Zha Y (2003) Data entry for mobile devices using soft keyboards: Understanding the effects of keyboard size and user tasks. Internat. J. Human-Comput. Interaction 16(2):163–184.CrossrefGoogle Scholar
  • Shneiderman B (1986) Designing the User Interface-Strategies for Effective Human-Computer Interaction (Pearson Education India, Boston).Google Scholar
  • Singh S (2012) Gamification: A strategic tool for organizational effectiveness. Internat. J. Management 1(1):108–113.Google Scholar
  • Smith HJ, Dinev T, Xu H (2011) Information privacy research: An interdisciplinary review. MIS Quart. 35(4):989–1015.CrossrefGoogle Scholar
  • Squire LR (1986) Mechanisms of memory. Science 232(4758):1612–1619.CrossrefGoogle Scholar
  • Squire LR (2004) Memory systems of the brain: A brief history and current perspective. Neurobiology Learn. Memory 82(3):171–177.CrossrefGoogle Scholar
  • Tanner JF Jr, Hunt JB, Eppright DR (1991) The protection motivation model: A normative model of fear appeals. J. Marketing 55(3):36–45.CrossrefGoogle Scholar
  • Taylor S, Todd PA (1995) Understanding information technology usage: A test of competing models. Inform. Systems Res. 6(2):144–176.LinkGoogle Scholar
  • Todd P, Benbasat I (1991) An experimental investigation of the impact of computer based decision aids on decision making strategies. Inform. Systems Res. 2(2):87–115.LinkGoogle Scholar
  • Todd P, Benbasat I (1992) The use of information in decision making: An experimental investigation of the impact of computer-based decision aids. MIS Quart. 16(3):373–393.CrossrefGoogle Scholar
  • Todd P, Benbasat I (1999) Evaluating the impact of DSS, cognitive effort, and incentives on strategy selection. Inform. Systems Res. 10(4):356–374.LinkGoogle Scholar
  • Trewin S, Swart C, Koved L, Martino J, Singh K, Ben-David S (2012) Biometric authentication on a mobile device: A study of user effort, error and task disruption. Zakon RH, ed. Proc. 28th Annual Comput. Security Appl. Conf. (ACM, New York), 159–168.CrossrefGoogle Scholar
  • Tulving E, Pearlstone Z (1966) Availability versus accessibility of information in memory for words. J. Verbal Learn. Verbal Behav. 5(4):381–391.CrossrefGoogle Scholar
  • Ullman MT (2004) Contributions of memory circuits to language: The declarative/procedural model. Cognition 92(1):231–270.CrossrefGoogle Scholar
  • Ullman MT (2013) The declarative/procedural model of language. Pashler H, ed. Encyclopedia of the Mind (Sage Publications, Los Angeles), 224–226.CrossrefGoogle Scholar
  • Vance A, Eargle D, Ouimet K, Straub D (2013) Enhancing password security through interactive fear appeals: A web-based field experiment. Sprague RH Jr, ed. Proc. 46th Hawaii Internat. Conf. System Sciences (HICSS) (IEEE, Los Alamitos, CA), 2988–2997.CrossrefGoogle Scholar
  • Venkatesh V, Bala H (2008) Technology acceptance model 3 and a research agenda on interventions. Decision Sci. 39(2):273–315.CrossrefGoogle Scholar
  • Venkatesh V, Thong JYL, Xu X (2012) Consumer acceptance and use of information technology: Extending the unified theory of acceptance and use of technology. MIS Quart. 36(1):157–178.CrossrefGoogle Scholar
  • Venkatesh V, Brown SA, Maruping LM, Bala H (2008) Predicting different conceptualizations of system use: The competing roles of behavioral intention, facilitating conditions, and behavioral expectation. MIS Quart. 32(3):483–502.CrossrefGoogle Scholar
  • Wiedenbeck S, Waters J, Birget JC, Brodskiy A, Memon N (2005) PassPoints: Design and longitudinal evaluation of a graphical password system. Internat. J. Human-Comput. Stud. 63(1):102–127.CrossrefGoogle Scholar
  • Wiener N (1948) Cybernetics: Or Control and Communication in the Animal and the Machine (Wiley, New York).Google Scholar
  • Woon I, Tan G-W, Low R (2005) A protection motivation theory approach to home wireless security. Proc. Internat. Conf. Inform. Systems, Las Vegas, NV.Google Scholar
  • Yan J, Blackwell A, Anderson R, Grant A (2004) Password memorability and security: Empirical results. IEEE Security Privacy 2(5):25–31.CrossrefGoogle Scholar
  • Zviran M, Haga WJ (1999) Password security: An empirical study. J. Management Inform. Systems 15(4):161–185.CrossrefGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree