Abstract
The fast growing usage of mobile devices to access services over telecommunication networks urges researchers to look for an efficient way to secure users’ online credentials. Rooted in online users’ fear appeals, this study measures the impact of an emerging use of technology, QR codes, on authentication protection. We contribute to the extant literature by integrating two theories—protection motivation theory and the theory of planned behavior, as well as investigating how the collaboration of computers and mobile devices enhances the protection of users’ online credentials. The results of the study additionally provide insights for IT developers for future directions in the development of authentication protection.
Similar content being viewed by others
Notes
Video 1 from https://www.youtube.com/watch?v=O_UDwCsUOxI.
Video 2 from https://www.youtube.com/watch?v=DRgihqFbgPI.
References
InternetLiveStats (2015). Internet Users. http://www.internetlivestats.com/internet-users/.
Infographics. (2014). The 2014 mobile landscape: 25 statistics that will drive the future of mobile marketing. http://www.searchenginejournal.com/2014-mobile-landscape-25-statistics-will-drive-future-mobile-marketing-infographic/89507/.
Kroenke, D. (2014). Experiencing MIS, in 5/E (p. 696). Upper Saddle River: Prentice Hall.
Janrain. Online Americans Fatigued by Password Overload Janrain Study Finds. 2012; Available from: http://janrain.com/about/newsroom/press-releases/online-americans-fatigued-by-password-overload-janrain-study-finds/.
Crossler, R.E., et al., Understanding Compliance with Bring Your Own Device Policies Utilizing Protection Motivation Theory: Bridging the Intention-Behavior Gap, in Journal of Information Systems. 2014, American Accounting Association. p. 209-226.
Posey, C., et al. (2013). Insiders’ protection of organizational information assetts: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189-A9.
Zhang, L., & McDowell, W. C. (2009). Am I really at risk? Determinants of online users’ intentions to use strong passwords. Journal of Internet Commerce, 8(3/4), 180–197.
Al-Debei, M. M., Al-Lozi, E., & Papazafeiropoulou, A. (2013). Why people keep coming back to Facebook: Explaining and predicting continuance participation from an extended theory of planned behaviour perspective. Decision Support Systems, 55(1), 43–54.
DensoWaveIncorporated. (2010). QR code features. http://www.QRcode.com.
Kan, T.-W., Teng, C.-H., & Chen, M. Y. (2011). QR code based augmented reality applications. In B. Furht (Ed.), Handbook of augmented reality (pp. 339–354). New York: Springer.
Dmitrienko, A., et al. (2014). Security analysis of mobile two-factor authentication schemes. Intel Technology Journal, 18(4), 138–161.
Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91(1), 93.
Pavlou, P. A., & Fygenson, M. (2006). Understanding and predicting electronic commerce adoption: An extention of the theory of planned behavior. MIS Quarterly, 30(1), 115–143.
Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: A therectical perspective. MIS Quarterly, 33(1), 71–90.
Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113-A7.
Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83–95.
Herath, T., et al. (2014). Security services as coping mechanisms: An investigation into user intention to adopt an email authentication service. Information Systems Journal, 24(1), 61–84.
Meso, P., Ding, Y., & Xu, S. (2013). Applying protection motivation Theory to information security training for college students. Journal of Information Privacy & Security, 9(1), 47–67.
Kline, R. B. (2004). Principals and practice of structural equation modeling. In D. A. Kenny (Ed.), Methodology in the social sciences (2nd ed., p. 366). New York: The Guilford Press.
Anderson, C. L., & Agarwal, R. (2010). Practing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613–643.
Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549–566.
Author information
Authors and Affiliations
Corresponding author
Appendix: Survey instruments (adapted from [5, 20, 21])
Appendix: Survey instruments (adapted from [5, 20, 21])
The following statements concern your experience with authentication protection. Please rate the following statements from 1 to 7, where 1 means you strongly disagree and 7 means you strongly agree.
Perceived threat severity
-
If my user IDs and passwords are broken, it would be severe.
-
If my accounts are hacked, it would be serious.
-
If my user IDs and passwords are stolen, it would be disastrous.
Perceived threat susceptibility
-
My user IDs and passwords are at risk for being broken by others.
-
It is likely that my online accounts will be hacked.
-
It is possible that my user IDs and passwords will be stolen by others.
Self efficacy
-
Using QR codes to log into accounts would be easy for me.
-
Using QR codes to login is convenient.
-
I am able to use QR codes to login without much effort.
Response efficacy
-
Using QR codes for login would be effective for authentication protection.
-
When using QR codes for login, my user ID and password would be more likely to be protected.
Perceived cost
-
Learning how to use QR codes for login is time consuming.
-
It takes me a lot of effort to understand how to use QR codes to log into accounts.
-
The inconvenience of using QR codes is lower than the benefits.
Attitude
-
Using QR codes for login is a good idea.
-
Using QR codes to protect online accounts is promising.
-
I like the idea of using QR codes to protect online accounts.
-
QR codes would be capable to protect my online accounts.
Subjective norm
-
If my close friends use QR codes to secure their accounts, I would also do the same.
-
If significant others use QR codes to secure their accounts, I would also do the same.
-
If my peers suggest that I should use QR codes to secure my online accounts, I will adopt the use of QR codes.
Behavioral intention
Thinking of your future actions, indicate the degree to which you agree or disagree with the following statements regarding your likelihood of implementing QR codes to protect your online accounts.
-
I am likely to use QR codes to log into my online accounts.
-
It is possible that I will use QR codes to protect my online accounts.
-
I am certain that I will use QR codes to protect my accounts in the near future.
Demographic information:
Gender
-
Male
-
Female
-
Other
Age
-
18–29
-
30–39
-
40–49
-
50–59
-
60 and over
Education
-
High School
-
Some College
-
Bachelor’s Degree
-
Master’s Degree
-
Doctorate
-
Other
Computer background
-
How many computers (including desktops and laptops) do you have?
-
How many mobile devices (including smartphones and tablets) do you have?
-
How many online accounts (i.e. emails, bank accounts, shopping accounts, etc.) do you have?
-
How many unique passwords do you have?
Rights and permissions
About this article
Cite this article
Yang, J., Zhang, Y. & Lanting, C.J.M. Exploring the Impact of QR Codes in Authentication Protection: A Study Based on PMT and TPB. Wireless Pers Commun 96, 5315–5334 (2017). https://doi.org/10.1007/s11277-016-3743-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-016-3743-5