Broken Windows, Bad Passwords: Influencing Secure User Behavior via Website Design

摘要

The broken windows theory of crime deterrence suggests that features in a community such as broken windows, graffiti, and petty crime send signals that criminal behavior is accepted as the norm. We extend the broken windows theory to information security by suggesting that poor web site design sends signals that insecure behavior is the norm. Extending the theory of planned behavior, we hypothesize that visual appeal and trust influence subjective norms such that users on a low quality web site will exhibit reduced intentions and behaviors of security. In a laboratory experiment we manipulate web site quality while participants create user accounts. Password entropy and self-reported password strength are compared for accounts created on the high and low quality sites. Our findings suggest that organizations may be able to promote secure behavior by creating systems that are high in visual appeal and trustworthiness.