Abstract
Authentication plays an important role in securing our systems but is threatened by increasingly sophisticated account hacking and account take over. Several security services have been developed, including multi-factor authentication (MFA) designed to cope with online account authentication. It remains unknown how users perceive and evaluate secure authentication for online account threats and consequently use it to protect their online account. Drawing on the Protection Motivation Theory (PMT) and the literature on anticipated regret, this study investigates the factors that affect the use of MFA secure authentication to avoid online account threats. This work extends PMT by showing how the emotion of anticipated regret heightens appraisals of threat and coping.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
We thank reviewer one for providing this recommendation.
Although this study’s focus is on understanding the influence of anticipated regret (i.e., emotions) as an information source for PMT’s mediating variables, previous studies have modeled anticipated regret as a consequence of coping behaviors and cognitive appraisals (e.g., Verkijika, 2018). Thus, we performed a post-hoc analysis (See Appendix 5) to include the estimation of anticipated regret as a consequent of threat appraisal, and anticipated regret as a determinant of MFA motivation and MFA use. These relationships are significant at the 0.05 level of significance or lower.
References
Abraham, C., & Sheeran, P. (2003). Acting on intentions: The role of anticipated regret. British Journal of Social Psychology, 42, 495–511.
Albarracín, D., & Kumkale, G. T. (2003). Affect as information in persuasion: A model of affect identification and discounting. Journal of Personality and Social Psychology, 84(3), 453–469. https://doi.org/10.1037/0022-3514.84.3.453
Anderson, C., & Agarwal, R. (2010). Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613–643.
Barlette, Y., Jaouen, A., & Baillette, P. (2021). Bring Your Own Device (BYOD) as reversed IT adoption: Insights into managers’ coping strategies. International Journal of Information Management, 56(September 2020), 102212. https://doi.org/10.1016/j.ijinfomgt.2020.102212
Benitez, J., Henseler, J., Castillo, A., & Schuberth, F. (2020). How to perform and report an impactful analysis using partial least squares: Guidelines for confirmatory and explanatory IS research. Information and Management, 57(2), 103168. https://doi.org/10.1016/j.im.2019.05.003
Bose, I., & Leung, A. C. M. (2019). Adoption of identity theft countermeasures and its short- and long-term impact on firm value. MIS Quarterly, 43(1), 313–327.
Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837–864.
Brewer, N. T., DeFrank, J. T., & Gilkey, M. B. (2016). Anticipated regret and health behavior: A meta-analysis. Health Psychology, 35(11), 1264–1275. https://doi.org/10.1037/hea0000294
Brown, S. A., Venkatesh, V., & Goyal, S. (2011). Expectation confirmation in technology use. Information Systems Research, 23(2), 474–487. https://doi.org/10.1287/isre.1110.0357
Burns, A. J., Posey, C., Courtney, J. F., Roberts, T. L., & Nanayakkara, P. (2017a). Organizational information security as a complex adaptive system: Insights from three agent-based models. Information Systems Frontiers, 19(3), 509–524. https://doi.org/10.1007/s10796-015-9608-8
Burns, A. J., Posey, C., Roberts, T. L., & Benjamin Lowry, P. (2017b). Examining the relationship of organizational insiders’ psychological capital with information security threat and coping appraisals. Computers in Human Behavior, 68, 190–209.
Burns, A. J., Roberts, T. L., Posey, C., & Lowry, P. B. (2019). The Adaptive roles of positive and negative emotions in organizational insiders’ security-based precaution taking. Information Systems Research, 30(4), 1228–1247. https://doi.org/10.1287/isre.2019.0860
Burns, A. J., Posey, C., & Roberts, T. L. (2021). Insiders’ adaptations to security-based demands in the workplace: An examination of security behavioral complexity. Information Systems Frontiers, 23, 343–360. https://doi.org/10.1007/s10796-019-09951-9
Chen, Y., & Zahedi, F. M. (2016). Individuals ’ internet security perceptions and behaviors : Polycontextual contrasts between the Unites States and China. MIS Ouarterly, 40(1), 205–222.
Choi, H. S., Carpenter, D., & Ko, M. S. (2021). Risk taking behaviors using public Wi-Fi TM. Information Systems Frontiers, 1–18.
CIO. (2020). Leveraging MFA to reduce the risks of a remote workforce. CIO. https://www.cio.com/article/3600838/leveraging-mfa-to-reduce-the-risks-of-a-remote-workforce.html. Accessed 1 Feb 2021.
Clore, G. L., Gasper, K., & Garvin, E. (2001). Affect as information. In J. P. Forgas (Ed.), Handbook of affect and social cognition (pp. 121–144). Lawrence Erlbaum Associates. https://doi.org/10.4135/9781412956253.n8
Crossler, R., & Bélanger, F. (2014). An extended perspective on individual security behaviors: Protection motivation theory and a unified security practices (USP) instrument. The DATA BASE for Advances in Information Systems, 45(4), 51–71.
Crossler, R., Andoh-Baidoo, K., & Menard, P. (2019a). Espoused cultural values as antecedents of individuals’ threat and coping appraisal toward protective information technologies: Study of US and Ghana. Information & Management, 56(5), 754–766.
Crossler, R., Bélanger, F., & Ormond, D. (2019b). The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats. Information Systems Frontiers, 21(2), 343–357. https://doi.org/10.1007/s10796-017-9755-1
Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: Lessons from the choicepoint and TJX data breaches. MIS Quarterly, 33(4), 673–687.
D’Arcy, J., & Lowry, P. B. (2019). Cognitive-affective drivers of employees’ daily compliance with information security policies: A multilevel, longitudinal study. Information Systems Journal, 29(1), 43–69. https://doi.org/10.1111/isj.12173
D’Arcy, J., & Teh, P. L. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information and Management, 56(7), 103151. https://doi.org/10.1016/j.im.2019.02.006
Dasgupta, D., Roy, A., & Nag, A. (2017). Multi-factor authentication (pp. 185–233). https://doi.org/10.1007/978-3-319-58808-7_5
Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319–340. https://doi.org/10.2307/249008
Equifax (2015). A lasting impact : the emotional toll of identity theft. Equifax. https://assets.equifax.com/legacy/assets/PSOL/15-9814_psol_emotionalToll_wp.pdf. Accessed 2 Feb 2020.
eSecurity. (2021). MFA solves the remote worker security problem. ESecurity. https://www.esecuritysolutions.com/mfa-solves-remote-worker-security-problem/. Accessed 1 Feb 2021.
Featherman, M. S., & Pavlou, P. A. (2003). Predicting e-services adoption: A perceived risk facets perspective. International Journal of Human-Computer Studies, 59(4), 451–474.
Featherman, M. S., & Wells, J. D. (2010). The intangibility of e-Services: Effects on perceived risk and acceptance. ACM SIGMIS Database, 41(2), 110.
Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000). A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407–429.
Fornell, C., & Larcker, D. F. (1981). Structural equation models with unobservable variables and measurement error: Algebra and statistics. Journal of Marketing Research, 18, 382–388.
Furnell, S. (2018). Assessing website password practices – over a decade of progress? Computer Fraud & Security, 7, 6–13. https://doi.org/10.1016/S1361-3723(18)30063-0
Gohm, C., & Clore, G. L. (2002). Affect as information: An individual differences approach. In F. Barrett & P. Salovey (Eds.), The wisdom in feelings: Psychological processes underlying emotional intelligence (pp. 1–39). Guilford Press.
Golladay, K., & Holtfreter, K. (2017). The Consequences of identity theft victimization: An examination of emotional and physical health outcomes. Victims & Offenders, 12(5), 741–760. https://doi.org/10.1080/15564886.2016.1177766
Google. (2019). Google 2-Step verification. Google. https://www.google.com/landing/2step/. Accessed 20 May 2020.
Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., & Tatham, R. L. (2006). Multivariate data analysis (Vol. 6). Pearson Prentice Hall Upper Saddle River.
Hair, J. F., Ringle, C. M., & Sarstedt, M. (2011). PLS-SEM: Indeed a silver bullet. The Journal of Marketing Theory and Practice, 19(2), 139–152.
Hair, J. F., Risher, J. J., Sarstedt, M., & Ringle, C. M. (2019). When to use and how to report the results of PLS-SEM. European Business Review, 31(1), 2–24. https://doi.org/10.1108/EBR-11-2018-0203
Hangen, E. J., Elliot, A. J., & Jamieson, J. P. (2018). Highlighting the difference between approach and avoidance motivation enhances the predictive validity of performance-avoidance goal reports. Motivation and Emotion. https://doi.org/10.1007/s11031-018-9744-9
Harman, D. (1967). A single factor test of common method variance. Journal of Psychology, 35(1967), 359–378.
Harrell, E., & Langton, L. (2013). Victims of identity theft, 2012. In U.S. Department of Justice (Issue December). http://www.bjs.gov/content/pub/pdf/vit12.pdf. Accessed 11 Dec 2019.
Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J., & Rao, R. (2014). Security services as coping mechanisms: An investigation into user intention to adopt an email authentication service. Information Systems Journal, 24(1), 61–84. https://doi.org/10.1111/j.1365-2575.2012.00420.x
Hunt, T. (2019). The 773 Million Record Collection #1 Data Breach. https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/. Accessed 1 Feb 2021.
ITRC. (2016). Identity theft: The aftermath 2016. https://www.idtheftcenter.org/images/page-docs/AftermathFinal_2016.pdf. Accessed 12 March 2020.
ITRC (2017). Identity Theft: The Aftermath 2017. ITRC. https://www.idtheftcenter.org/post/new-itrc-aftermathsurvey-uncovers-the-strong-emotional-toll-identity-theft-plays-on-its-victims/. Accessed 10 Nov 2019.
ITRC. (2018). The aftermath: The non-economic impacts of identity theft. https://www.idtheftcenter.org/wp-content/uploads/2018/09/ITRC_Aftermath-2018_Web_FINAL.pdf. Accessed 12 March 2020.
ITRC. (2019). Identity theft: Financial toll, but an emotional one as well. Identity Theft Resource Center. https://www.idtheftcenter.org/identity-theft-financial-toll-but-an-emotional-one-as-well/. Accessed 12 March 2020.
Jaros, D., & Kuchta, R. (2010). New location-based authentication techniques in the access management. Proceedings - 6th International Conference on Wireless and Mobile Communications, ICWMC 2010, 426–430. https://doi.org/10.1109/ICWMC.2010.62
Javelin (2017). State of Authentication Report. https://fidoalliance.org/wp-content/uploads/The-State-of-Authentication-Report.pdf. Accessed 2 Feb 2020.
Javelin. (2018). 2018 Identity Fraud: Fraud Enters a New Era of Complexity | Javelin. Javelin. https://www.javelinstrategy.com/coverage-area/2018-identity-fraud-fraud-enters-new-era-complexity. Accessed 2 May 2019.
Jenkins, J. L., Anderson, B. B., Vance, A., Kirwan, C. B., & Eargle, D. (2016). More harm than good? How messages that interrupt can make us vulnerable. Information Systems Research, 27(4), 880–896.
Jensen, M. L., Dinger, M., Wright, R. T., & Thatcher, J. B. (2017). Training to mitigate phishing attacks using mindfulness techniques. Journal of Management Information Systems, 34(2), 597–626. https://doi.org/10.1080/07421222.2017.1334499
Johnston, A. C., & Warkentin, M. (2010). Fear Appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549–563.
Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging Threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113-A7.
Kock, N. (2015). Common method bias in PLS-SEM: A full collinearity assessment approach. International Journal of E-Collaboration, 11(4), 1–10.
Kweon, E., Lee, H., Chai, S., & Yoo, K. (2021). The utility of information security training and education on cybersecurity incidents: An empirical evidence. Information Systems Frontiers, 23(2), 361–373. https://doi.org/10.1007/s10796-019-09977-z
Lawless Research. (2016a). Beyond the password : The future of account security. https://www.telesign.com/wp-content/uploads/2016a/06/Telesign-Report-Beyond-the-Password-June-2016-1.pdf. Accessed 2 May 2019.
Lawless Research (2016b). TeleSign Consumer Account Security Report 2016. https://ts.telesign.com/hubfs/Downloadable-Assets/Consumer-Account-Security-Report-2016-EN.pdf. Accessed 5 Feb 2019.
Lee, M., & Lee, J. (2012). The impact of information security failure on customer behaviors: A study on a large-scale hacking incident on the internet. Information Systems Frontiers, 14(2), 375–393. https://doi.org/10.1007/s10796-010-9253-1
Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33(1), 71–90.
Liang, H., & Xue, Y. (2010). Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11(7), 394–413.
Liang, H., Xue, Y., Pinsonneault, A., & Wu, Y. (2019). What Users do besides problem-focused coping in the it security context: An emotion-focused coping perspective. MIS Quarterly, 43(2), 373–394. https://doi.org/10.25300/MISQ/2019/14360
Libicki, M. C., Balkovich, E., Jackson, B. A., Rudavsky, R., & Webb, K. W. (2011). Influences on the Adoption of Multifactor Authentication. Rand Corporation. Santa Monica, CA: RAND Corporation.
Lowry, P. B., D’Arcy, J., Hammer, B., & Moody, G. D. (2016). “Cargo Cult” science in traditional organization and information systems survey research: A case for using nontraditional methods of data collection, including Mechanical Turk and online panels. Journal of Strategic Information Systems, 25, 232–240. https://doi.org/10.1016/j.jsis.2016.06.002
Marikyan, D., Papagiannidis, S., & Alamanos, E. (2020). Cognitive dissonance in technology adoption: A study of smart home users. Information Systems Frontiers, 1. https://doi.org/10.1007/s10796-020-10042-3
Menard, P., Bott, G. J., & Crossler, R. (2017). User motivations in protecting information security: Protection motivation theory versus self-determination theory. Journal of Management Information Systems, 34(4), 1203–1230. https://doi.org/10.1080/07421222.2017.1394083
Menard, P., Warkentin, M., & Lowry, P. B. (2018). The impact of collectivism and psychological ownership on protection motivation: A cross-cultural examination. Computers & Security, 75, 147–166. https://doi.org/10.1016/j.cose.2018.01.020
Microsoft. (2019). One simple action you can take to prevent 99.9 percent of attacks on your accounts. https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/. Accessed 20 May 2020.
Milne, G. (2003). How well do consumers protect themselves from identity theft? Journal of Consumer Affairs, 37(2), 388–402.
Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285–311.
Ogbanufe, O., & Kim, D. J. (2018). Comparing fingerprint-based biometrics authentication versus traditional authentication methods for e-payment. Decision Support Systems, 106, 1–14. https://doi.org/10.1016/j.dss.2017.11.003
Ogbanufe, O., & Pavur, R. (2022). Going through the emotions of regret and fear: Revisiting protection motivation for identity theft protection. International Journal of Information Management, 62(September 2021), 102432. https://doi.org/10.1016/j.ijinfomgt.2021.102432
Pernul, G. (1995). Information systems security: Scope, state-of-the-art, and evaluation of techniques. International Journal of Information Management, 15(3), 165–180. https://doi.org/10.1016/0268-4012(95)00010-5
Perugini, M., & Bagozzi, R. (2001). The role of desires and anticipated emotions in goal-directed behaviours: Broadening and deepening the theory of planned behaviour. British Journal of Social Psychology, 40(1), 79–98. https://doi.org/10.1348/014466601164704
Phillips, P., Abraham, C., & Bond, R. (2003). Personality, cognition , and university students ’ examination performance. 448(December 2002), 435–448.
Ponemon. (2015). Medical identity theft. http://medidfraud.org/wp-content/uploads/2015/02/2014_Medical_ID_Theft_Study1.pdf. Accessed 12 March 2020.
Posey, C., Roberts, T. L., Lowry, P. B., & Hightower, R. T. (2014). Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. Information & Management, 51(5), 551–567. https://doi.org/10.1016/j.im.2014.03.009
Posey, C., Roberts, T. L., & Lowry, P. B. (2015). The impact of organizational commitment on insiders’ motivation to protect organizational information assets. Journal of Management Information Systems, 32(4), 179–214.
Raghunathan, R., & Corfman, K. P. (2004). Sadness as pleasure-seeking prime and anxiety as attentiveness prime: The “Different Affect-Different Effect” (DADE) model. Motivation and Emotion, 28(1), 23–41. https://doi.org/10.1023/B:MOEM.0000027276.32709.30
Renaud, K., Otondo, R., & Warkentin, M. (2019). “This is the way ‘I’ create my passwords” … does the endowment effect deter people from changing the way they create their passwords? Computers & Security, 82, 241–260. https://doi.org/10.1016/J.COSE.2018.12.018
Ringle, C. M., Wende, S., & Becker, J.-M. (2015). SmartPLS 3.0. SmartPLS GmbH. http://www.smartpls.com. Accessed 9 Sept 2019.
Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91(1), 93–114.
Rogers, R. W., & Deckner, C. W. (1975). Effects of fear appeals and physiological arousal upon emotion, attitudes, and cigarette smoking. Journal of Personality and Social Psychology, 32(2), 222–230. https://doi.org/10.1037//0022-3514.32.2.222
Rogers, R. W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J. T. Cacioppo & R. Petty (Eds.), Social psychophysiology: A sourcebook (pp. 153–177).
Saffrey, C., Summerville, A., & Roese, N. J. (2008). Praise for regret: People value regret above other negative emotions. Motivation and Emotion, 32(1), 46–54. https://doi.org/10.1007/s11031-008-9082-4
Salam, A. F., Dai, H. & Wang, L. (2021) Online Users’ Identity Theft and Coping Strategies, Attribution and Sense of Urgency: A Non-Linear Quadratic Effect Assessment. Information Systems Frontiers. https://doi.org/10.1007/s10796-021-10194-w
Samtani, S., Chinn, R., Chen, H., & Nunamaker, J. F. (2017). Exploring emerging hacker assets and key hackers for proactive cyber threat intelligence. Journal of Management Information Systems, 34(4), 1023–1053. https://doi.org/10.1080/07421222.2017.1394049
Sandhu, R., & Samarati, P. (1996). Authentication, access control, and audit. ACM Computing Surveys (CSUR), 28(1), 241–243.
Schwarz, N., & Clore, G. L. (1983). Mood, misattribution, and judgments of well-being: Informative and directive functions of affective states. Journal of Personality and Social Psychology, 45(3), 513–523. https://doi.org/10.1037/0022-3514.45.3.513
Sharp, T., Shreve-Neiger, A., Fremouw, W., Kane, J., & Hutton, S. (2004). Exploring the psychological and somatic impact of identity theft. Journal of Forensic Sciences, 49(1), 131–136.
Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security neutralization. MIS Quarterly, 34(3), 487–502.
Siponen, M., Adam Mahmood, M., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217–224. https://doi.org/10.1016/j.im.2013.08.006
Smith, C. A., & Lazarus, R. S. (1993). Appraisal components, core relational themes, and the emotions. Cognition & Emotion. http://www.tandfonline.com/doi/abs/10.1080/02699939308409189
Steelman, Z. R., Hammer, B. I., & Limayem, M. (2014). Data collection in the digital age: Innovative alternatives to student samples. MIS Quarterly, 38(2), 355–378.
TechTarget. (2019). Exploring multifactor authentication benefits and technology. TechTarget. https://searchsecurity.techtarget.com/feature/The-fundamentals-of-MFA-Multifactor-authentication-in-the-enterprise. Accessed 12 March 2020.
The New York Times (2017). All 3 Billion Yahoo Accounts Were Affected by 2013 Attack. The New York Times. https://www.nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html. Accessed 11 Jan 2020.
Toor, A., Wechsler, H., Nappi, M., & Choo, K. K. R. (2018). Visual Question Authentication Protocol (VQAP). Computers and Security, 76, 285–294. https://doi.org/10.1016/j.cose.2017.11.017
Tsai, H. Y. S., Jiang, M., Alhabash, S., Larose, R., Rifon, N. J., & Cotten, S. R. (2016). Understanding online safety behaviors: A protection motivation theory perspective. Computers & Security, 59(1318885), 138–150. https://doi.org/10.1016/j.cose.2016.02.009
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3–4), 190–198.
Venkatesh, V., & Davis, F. D. (2000). A theoretical extension of the technology acceptance model: Four longitudinal field studies. Management Science, 46(2), 186–204.
Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptance of information technology: Toward a unified view. MIS Quarterly, 27(3), 425–478. https://doi.org/10.2307/30036540
Verizon (2016). 2016 Data breach investigations report. In Verizon (Issue 1). https://doi.org/10.1017/CBO9781107415324.004
Verizon (2017). 2017 Data Breach Investigations Report. Verizon. https://enterprise.verizon.com/resources/reports/2017_dbir.pdf. Accessed 20 Feb 2020.
Verkijika, S. F. (2018). Understanding smartphone security behaviors: An extension of the protection motivation theory with anticipated regret. Computers & Security, 77, 860–870. https://doi.org/10.1016/j.cose.2018.03.008
Verkijika, S. F. (2019). “If you know what to do, will you take action to avoid mobile phishing attacks”: Self-efficacy, anticipated regret, and gender. Computers in Human Behavior, 101(July), 286–296. https://doi.org/10.1016/j.chb.2019.07.034
Vigliarolo, B. (2018). 43% of all online login attempts are made by hackers trying to break into your account - TechRepublic. TechRepublic. https://www.techrepublic.com/article/43-of-all-online-login-attempts-are-made-by-hackers-trying-to-break-into-your-account/. Accessed 12 March 2020.
Williams, F., & Haldeman, V. (1996). Financial concerns and productivity. Financial Counseling and Planning, 7(702), 147–156.
Wilson, D., & Sperber, D. (2002). Relevance theory. In G. Ward & L. Horn (Eds.), Handbook of pragmatics. Blackwell.
Wilson, J., Boyer O’Leary, M., Metiu, A., & Jett, Q. (2008). Perceived proximity in virtual work: Explaining the paradox of far-but-close. Organization Studies, 29(7), 979–1002. https://doi.org/10.1177/0170840607083105
Xu, F., Luo, X., & Hsu, C. (2019). Anger or fear? Effects of discrete emotions on employee’s computer-related deviant behavior. Information & Management, 57(3), 103180. https://doi.org/10.1016/j.im.2019.103180
Zeelenberg, M. (1999). Anticipated regret, expected feedback and behavioral decision making. Journal of Behavioral Decision Making, 12, 93–106.
Zeelenberg, M., & Beattie, J. (1997). Consequences of regret Aversion2: Additional evidence for effects of feedback on decision making. Organizational Behavior and Human Decision Processes, 72(1), 63–78.
Zhang, J., Luo, X., Akkaladevi, S., & Ziegelmayer, J. (2009). Improving multiple-password recall: An empirical study. European Journal of Information Systems, 18(2), 165–176. https://doi.org/10.1057/ejis.2009.9
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest
The authors have no relevant financial or non-financial interests to disclose.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix 1
Appendix 2
Appendix 3: Description of MFA and Account Hacking
Written definitions of account hacking and multi-factor authentication provided to the survey respondents at the beginning of the survey.
-
1.
Online account hacking is when a hacker breaks into a person's existing online account (e.g., email, social media account, online bank account) and then conducts malicious activities.
-
2.
Multi-factor authentication (MFA) is a secure method of account authentication that requires more than one piece of evidence (e.g., password + fingerprint, password + token) to verify a user's identity when accessing an online account. MFA can be activated and used through one's online banking application, online email vendor, or social media.
Appendix 4
Appendix 5: Posthoc Analysis
Alternate model with anticipated regret as a consequent of perceived threat. Note: + p < 0.10, * p < 0.05, ** p < 0.01, *** p < 0.001
Rights and permissions
About this article
Cite this article
Ogbanufe, O.M., Baham, C. Using Multi-Factor Authentication for Online Account Security: Examining the Influence of Anticipated Regret. Inf Syst Front 25, 897–916 (2023). https://doi.org/10.1007/s10796-022-10278-1
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-022-10278-1