Broken windows, bad passwords: Influencing secure user behavior via website design

G. Mark Grimes, Jim Marquardson, Jay F. Nunamaker

Research output: Contribution to conferencePaper

1 Scopus citations

Abstract

The broken windows theory of crime deterrence suggests that features in a community such as broken windows, graffiti, and petty crime send signals that criminal behavior is accepted as the norm. We extend the broken windows theory to information security by suggesting that poor web site design sends signals that insecure behavior is the norm. Extending the theory of planned behavior, we hypothesize that visual appeal and trust influence subjective norms such that users on a low quality web site will exhibit reduced intentions and behaviors of security. In a laboratory experiment we manipulate web site quality while participants create user accounts. Password entropy and self-reported password strength are compared for accounts created on the high and low quality sites. Our findings suggest that organizations may be able to promote secure behavior by creating systems that are high in visual appeal and trustworthiness.

Original languageEnglish (US)
StatePublished - Jan 1 2014
Event20th Americas Conference on Information Systems, AMCIS 2014 - Savannah, GA, United States
Duration: Aug 7 2014Aug 9 2014

Other

Other20th Americas Conference on Information Systems, AMCIS 2014
CountryUnited States
CitySavannah, GA
Period8/7/148/9/14

Keywords

  • Passwords
  • Security
  • Theory of planned behavior

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Library and Information Sciences

Fingerprint Dive into the research topics of 'Broken windows, bad passwords: Influencing secure user behavior via website design'. Together they form a unique fingerprint.

  • Cite this

    Mark Grimes, G., Marquardson, J., & Nunamaker, J. F. (2014). Broken windows, bad passwords: Influencing secure user behavior via website design. Paper presented at 20th Americas Conference on Information Systems, AMCIS 2014, Savannah, GA, United States.