New study reveals that giving internet users the choice to delay important security tasks, yet nudging them to commit to it later, makes them much more likely to complete these tasks. The study found that these nudges help people follow through without decreasing the rate at which they start the tasks right away. This offers a practical way to improve online security.
In the face of rising cybersecurity threats, many internet users continue to neglect essential security actions, such as installing updates or changing compromised passwords. A new study led by Prof. Eyal Pe'er from the Federmann School of Public Policy at the Hebrew University of Jerusalem reveals that offering users the option to delay these tasks, combined with commitment nudges and reminders, significantly increases the likelihood of users eventually completing these important actions.
The research, conducted through a series of online experiments funded by a NSF-BSF grant to Prof. Peer and Dr. Serge Egeleman (U.C. Berkely), focused on understanding how these “nudges” could affect users’ willingness to change a compromised password. The findings are promising: when given the option to delay the task, a considerable number of participants chose to change their password later, resulting in a higher overall compliance rate without considerably reducing the number of users who opted to change their password immediately.
The study found that participants who made a promise to change their password later or requested a reminder were much more likely to follow through on their commitment. The effect was further enhanced when participants were reminded of their previous commitment, leading to a net positive impact on cybersecurity behavior.
"Security tasks often interrupt users at inconvenient times, leading to procrastination or outright neglect," explained Prof. Pe'er. "Our research shows that by allowing users to delay these and commit to completing them later, we can significantly increase the rate at which users complete critical security actions. This approach offers a practical behavioral solution to a common problem in online security."
The implications of this study are far-reaching, offering a simple yet effective strategy to improve cybersecurity compliance among internet users. By incorporating delay options and commitment nudges into security protocols, online platforms and services can better protect their users from potential security threats.
ACM Transactions on Computer-Human Interaction
Experimental study
People
“Protect Me Tomorrow”: Commitment Nudges to Remedy Compromised Passwords
16-Aug-2024