“This is the way ‘I’ create my passwords ...": does the endowment effect deter people from changing the way they create their passwords?

Karen Renaud*, Robert Otondo, Merrill Warkentin

*Corresponding author for this work

Research output: Contribution to journalArticle

3 Citations (Scopus)
33 Downloads (Pure)


The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.

In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.
Original languageEnglish
Pages (from-to)241-260
Number of pages20
JournalComputers and Security
Early online date3 Jan 2019
Publication statusPublished - 31 May 2019


Cite this