New study reveals that giving internet users the choice to delay important security tasks, yet nudging them to commit to it later, makes them much more likely to complete these tasks. The study found that these nudges help people follow through without decreasing the rate at which they start the tasks right away. This offers a practical way to improve online security
In the face of rising cybersecurity threats, many internet users continue to neglect essential security actions, such as installing updates or changing compromised passwords. A new study led by Prof. Eyal Pe'er from the Federmann School of Public Policy at the Hebrew University of Jerusalem reveals that offering users the option to delay these tasks, combined with commitment nudges and reminders, significantly increases the likelihood of users eventually completing these important actions.
The research, conducted through a series of online experiments funded by a NSF-BSF grant to Prof. Peer and Dr. Serge Egeleman (U.C. Berkely), focused on understanding how these “nudges” could affect users’ willingness to change a compromised password. The findings are promising: when given the option to delay the task, a considerable number of participants chose to change their password later, resulting in a higher overall compliance rate without considerably reducing the number of users who opted to change their password immediately.
The study found that participants who made a promise to change their password later or requested a reminder were much more likely to follow through on their commitment. The effect was further enhanced when participants were reminded of their previous commitment, leading to a net positive impact on cybersecurity behavior.
"Security tasks often interrupt users at inconvenient times, leading to procrastination or outright neglect," explained Prof. Pe'er. "Our research shows that by allowing users to delay these and commit to completing them later, we can significantly increase the rate at which users complete critical security actions. This approach offers a practical behavioral solution to a common problem in online security."
The implications of this study are far-reaching, offering a simple yet effective strategy to improve cybersecurity compliance among internet users. By incorporating delay options and commitment nudges into security protocols, online platforms and services can better protect their users from potential security threats.
The research paper titled ““Protect Me Tomorrow”: Commitment Nudges to Remedy Compromised Passwords” is now available at ACM Journals and can be accessed at https://doi.org/10.1145/3689038.
Researchers: Eyal Pe'er1, Alisa Frik2, Conor Gilsenan3, Serge Egelman2,3
Institution:
- The Federmann School of Public Policy, Hebrew University of Jerusalem, Jerusalem, Israel
- International Computer Science Institute, Berkeley, USA
- University of California, Berkeley, USA
The Hebrew University of Jerusalem is Israel’s premier academic and research institution. With over 23,000 students from 90 countries, it is a hub for advancing scientific knowledge and holds a significant role in Israel’s civilian scientific research output, accounting for nearly 40% of it and has registered over 11,000 patents. The university’s faculty and alumni have earned eight Nobel Prizes, two Turing Awards a Fields Medal, underscoring their contributions to ground-breaking discoveries. In the global arena, the Hebrew University ranks 81st according to the Shanghai Ranking. To learn more about the university’s academic programs, research initiatives, and achievements, visit the official website at http://new.huji.ac.il/en