Experimental Evidence for Using a TTM Stages of Change Model in Boosting Progress Toward 2FA Adoption
Abstract
Behavior change ideas from health psychology can also help boost end user compliance with security recommendations, such as adopting two-factor authentication (2FA). Our research adapts the Transtheoretical Model Stages of Change from health and wellness research to a cybersecurity context. We first create and validate an assessment to identify workers on Amazon Mechanical Turk who have not enabled 2FA for their accounts as being in Stage 1 (no intention to adopt 2FA) or Stages 2-3 (some intention to adopt 2FA). We randomly assigned participants to receive an informational intervention with varied content (highlighting process, norms, or both) or not. After three days, we again surveyed workers for Stage of Amazon 2FA adoption. We found that those in the intervention group showed more progress toward action/maintenance (Stages 4-5) than those in the control group, and those who received content highlighting the process of enabling 2FA were significantly more likely to progress toward 2FA adoption. Our work contributes support for applying a Stages of Change Model in usable security.
- Publication:
-
arXiv e-prints
- Pub Date:
- May 2022
- DOI:
- 10.48550/arXiv.2205.06937
- arXiv:
- arXiv:2205.06937
- Bibcode:
- 2022arXiv220506937F
- Keywords:
-
- Computer Science - Human-Computer Interaction;
- Computer Science - Cryptography and Security;
- H.1.2;
- H.5.2;
- K.6.5
- E-Print:
- 41 pages, including the stage algorithm programmed on Mturk, the survey flow and specific items used, and a link to download the five informational handouts used for the control condition and the 2FA intervention conditions