“This is the way ‘I’ create my passwords ...": does the endowment effect deter people from changing the way they create their passwords?

Karen Renaud, Robert Otondo, Merrill Warkentin

Research output: Contribution to journalArticle

Abstract

The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.

In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.
LanguageEnglish
Pages241-260
Number of pages20
JournalComputers and Security
Volume82
Early online date3 Jan 2019
DOIs
Publication statusE-pub ahead of print - 3 Jan 2019

Fingerprint

Chemical activation
activation
artifact
evidence
Values

Cite this

@article{3c0976b32fe04a7184581073d900aa42,
title = "“This is the way ‘I’ create my passwords ...{"}: does the endowment effect deter people from changing the way they create their passwords?",
abstract = "The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also {"}own{"}, and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value{"} of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.",
author = "Karen Renaud and Robert Otondo and Merrill Warkentin",
year = "2019",
month = "1",
day = "3",
doi = "10.1016/j.cose.2018.12.018",
language = "English",
volume = "82",
pages = "241--260",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}

“This is the way ‘I’ create my passwords ..." : does the endowment effect deter people from changing the way they create their passwords? / Renaud, Karen; Otondo, Robert; Warkentin, Merrill.

In: Computers and Security, Vol. 82, 31.05.2019, p. 241-260.

Research output: Contribution to journalArticle

TY - JOUR

T1 - “This is the way ‘I’ create my passwords ..."

T2 - Computers and Security

AU - Renaud, Karen

AU - Otondo, Robert

AU - Warkentin, Merrill

PY - 2019/1/3

Y1 - 2019/1/3

N2 - The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.

AB - The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.

U2 - 10.1016/j.cose.2018.12.018

DO - 10.1016/j.cose.2018.12.018

M3 - Article

VL - 82

SP - 241

EP - 260

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -