Online security behaviour: factors influencing intention to adopt two-factor authentication

Mitch Holmes; Jacques Ophoff

Online security behaviour: factors influencing intention to adopt two-factor authentication

Mitch Holmes^*, Jacques Ophoff^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

143 Downloads (Pure)

Abstract

Two-factor authentication (2FA) is a protective technology designed to increase the security of online accounts. The enhanced security is achieved by using two layers of authentication to facilitate a login process so that should one layer become compromised (e.g. a password), the second layer will still ensure that the account is protected. Considering the prevalence of cybercrime and in particular, password attacks, it is important to examine the behaviour of individuals in terms of the effort they make to protect their online account(s). Studies surrounding 2FA have focused on the various technologies supporting it as well as issues concerning its usability and convenience. In general, users fail to protect themselves online due to the effort that is required. Enhanced security means increased effort and inconvenience, and although risks are present and perceived by Internet users, sufficient effort to protect their online accounts is not made. This study made use of a Protection Motivation Theory (PMT) approach in trying to understand the behaviour of Internet users surrounding their intentions to adopt 2FA to protect their online account(s). The PMT model is adapted to include an additional concept focusing on ‘Technology Awareness’. Empirical data was collected using an online survey, with 209 responses analysed using Partial Least Squares Structural Equation Modelling (PLS-SEM). Results were in line with other protective technology literature in terms of the perception of online threat vulnerability and severity being less significant in determining behavioural intention than the perception of the technology itself. The results show that the perception of (1) the difficulty associated with using the 2FA technology (response costs) and (2) the effectiveness of the 2FA technology (response efficacy) prove to be significant in determining behavioural intention to adopt 2FA as protective technology. Lastly, awareness of online security issues and solutions was relevant in the adapted PMT model and significantly influenced intention.

Original language	English
Title of host publication	Proceedings of the 14th International conference on cyber warfare and security, ICCWS 2019
Editors	Noelle van der Waag-Cowling, Louise Leenen
Place of Publication	Reading
Publisher	Academic Conferences and Publishing International Limited
Pages	123-132
Number of pages	10
ISBN (Electronic)	9781912764129
ISBN (Print)	9781912764112, 9781510882928
Publication status	Published - 3 Feb 2019
Externally published	Yes
Event	14th International Conference on Cyber Warfare and Security - Stellenbosch, South Africa Duration: 28 Feb 2019 → 1 Mar 2019 Conference number: 14th

Publication series

Name	Proceedings
Publisher	Academic Conferences and Publishing International Ltd.
ISSN (Print)	2048-9870
ISSN (Electronic)	2048-9889

Conference

Conference	14th International Conference on Cyber Warfare and Security
Abbreviated title	ICCWS 2019
Country	South Africa
City	Stellenbosch
Period	28/02/19 → 1/03/19

Access to Document

Ophoff_OnlineSecurityBehaviour_Accepted_2018Accepted author manuscript, 403 KB

Fingerprint Dive into the research topics of 'Online security behaviour: factors influencing intention to adopt two-factor authentication'. Together they form a unique fingerprint.

Jacques Ophoff
- j.ophoff@abertay.ac.uk
- SDI - Cyber Security - Senior Lecturer
Person: Academic

Cite this

Holmes, Mitch ; Ophoff, Jacques. / Online security behaviour : factors influencing intention to adopt two-factor authentication. Proceedings of the 14th International conference on cyber warfare and security, ICCWS 2019. editor / Noelle van der Waag-Cowling ; Louise Leenen. Reading : Academic Conferences and Publishing International Limited, 2019. pp. 123-132 (Proceedings).

@inproceedings{5f8cc583345d476c9cae68ac3cd53c45,

title = "Online security behaviour: factors influencing intention to adopt two-factor authentication",

abstract = "Two-factor authentication (2FA) is a protective technology designed to increase the security of online accounts. The enhanced security is achieved by using two layers of authentication to facilitate a login process so that should one layer become compromised (e.g. a password), the second layer will still ensure that the account is protected. Considering the prevalence of cybercrime and in particular, password attacks, it is important to examine the behaviour of individuals in terms of the effort they make to protect their online account(s). Studies surrounding 2FA have focused on the various technologies supporting it as well as issues concerning its usability and convenience. In general, users fail to protect themselves online due to the effort that is required. Enhanced security means increased effort and inconvenience, and although risks are present and perceived by Internet users, sufficient effort to protect their online accounts is not made. This study made use of a Protection Motivation Theory (PMT) approach in trying to understand the behaviour of Internet users surrounding their intentions to adopt 2FA to protect their online account(s). The PMT model is adapted to include an additional concept focusing on {\textquoteleft}Technology Awareness{\textquoteright}. Empirical data was collected using an online survey, with 209 responses analysed using Partial Least Squares Structural Equation Modelling (PLS-SEM). Results were in line with other protective technology literature in terms of the perception of online threat vulnerability and severity being less significant in determining behavioural intention than the perception of the technology itself. The results show that the perception of (1) the difficulty associated with using the 2FA technology (response costs) and (2) the effectiveness of the 2FA technology (response efficacy) prove to be significant in determining behavioural intention to adopt 2FA as protective technology. Lastly, awareness of online security issues and solutions was relevant in the adapted PMT model and significantly influenced intention.",

author = "Mitch Holmes and Jacques Ophoff",

year = "2019",

month = feb,

day = "3",

language = "English",

isbn = "9781912764112",

series = "Proceedings",

publisher = "Academic Conferences and Publishing International Limited",

pages = "123--132",

editor = "{van der Waag-Cowling}, Noelle and Louise Leenen",

booktitle = "Proceedings of the 14th International conference on cyber warfare and security, ICCWS 2019",

note = "14th International Conference on Cyber Warfare and Security, ICCWS 2019 ; Conference date: 28-02-2019 Through 01-03-2019",

}

Holmes, M & Ophoff, J 2019, Online security behaviour: factors influencing intention to adopt two-factor authentication. in N van der Waag-Cowling & L Leenen (eds), Proceedings of the 14th International conference on cyber warfare and security, ICCWS 2019. Proceedings, Academic Conferences and Publishing International Limited, Reading, pp. 123-132, 14th International Conference on Cyber Warfare and Security, Stellenbosch, South Africa, 28/02/19.

Online security behaviour : factors influencing intention to adopt two-factor authentication. / Holmes, Mitch; Ophoff, Jacques.

Proceedings of the 14th International conference on cyber warfare and security, ICCWS 2019. ed. / Noelle van der Waag-Cowling; Louise Leenen. Reading : Academic Conferences and Publishing International Limited, 2019. p. 123-132 (Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Online security behaviour

T2 - 14th International Conference on Cyber Warfare and Security

AU - Holmes, Mitch

AU - Ophoff, Jacques

N1 - Conference code: 14th

PY - 2019/2/3

Y1 - 2019/2/3

N2 - Two-factor authentication (2FA) is a protective technology designed to increase the security of online accounts. The enhanced security is achieved by using two layers of authentication to facilitate a login process so that should one layer become compromised (e.g. a password), the second layer will still ensure that the account is protected. Considering the prevalence of cybercrime and in particular, password attacks, it is important to examine the behaviour of individuals in terms of the effort they make to protect their online account(s). Studies surrounding 2FA have focused on the various technologies supporting it as well as issues concerning its usability and convenience. In general, users fail to protect themselves online due to the effort that is required. Enhanced security means increased effort and inconvenience, and although risks are present and perceived by Internet users, sufficient effort to protect their online accounts is not made. This study made use of a Protection Motivation Theory (PMT) approach in trying to understand the behaviour of Internet users surrounding their intentions to adopt 2FA to protect their online account(s). The PMT model is adapted to include an additional concept focusing on ‘Technology Awareness’. Empirical data was collected using an online survey, with 209 responses analysed using Partial Least Squares Structural Equation Modelling (PLS-SEM). Results were in line with other protective technology literature in terms of the perception of online threat vulnerability and severity being less significant in determining behavioural intention than the perception of the technology itself. The results show that the perception of (1) the difficulty associated with using the 2FA technology (response costs) and (2) the effectiveness of the 2FA technology (response efficacy) prove to be significant in determining behavioural intention to adopt 2FA as protective technology. Lastly, awareness of online security issues and solutions was relevant in the adapted PMT model and significantly influenced intention.

AB - Two-factor authentication (2FA) is a protective technology designed to increase the security of online accounts. The enhanced security is achieved by using two layers of authentication to facilitate a login process so that should one layer become compromised (e.g. a password), the second layer will still ensure that the account is protected. Considering the prevalence of cybercrime and in particular, password attacks, it is important to examine the behaviour of individuals in terms of the effort they make to protect their online account(s). Studies surrounding 2FA have focused on the various technologies supporting it as well as issues concerning its usability and convenience. In general, users fail to protect themselves online due to the effort that is required. Enhanced security means increased effort and inconvenience, and although risks are present and perceived by Internet users, sufficient effort to protect their online accounts is not made. This study made use of a Protection Motivation Theory (PMT) approach in trying to understand the behaviour of Internet users surrounding their intentions to adopt 2FA to protect their online account(s). The PMT model is adapted to include an additional concept focusing on ‘Technology Awareness’. Empirical data was collected using an online survey, with 209 responses analysed using Partial Least Squares Structural Equation Modelling (PLS-SEM). Results were in line with other protective technology literature in terms of the perception of online threat vulnerability and severity being less significant in determining behavioural intention than the perception of the technology itself. The results show that the perception of (1) the difficulty associated with using the 2FA technology (response costs) and (2) the effectiveness of the 2FA technology (response efficacy) prove to be significant in determining behavioural intention to adopt 2FA as protective technology. Lastly, awareness of online security issues and solutions was relevant in the adapted PMT model and significantly influenced intention.

M3 - Conference contribution

AN - SCOPUS:85066042833

SN - 9781912764112

SN - 9781510882928

T3 - Proceedings

SP - 123

EP - 132

BT - Proceedings of the 14th International conference on cyber warfare and security, ICCWS 2019

A2 - van der Waag-Cowling, Noelle

A2 - Leenen, Louise

PB - Academic Conferences and Publishing International Limited

CY - Reading

Y2 - 28 February 2019 through 1 March 2019

ER -