CCE Theses and Dissertations

Date of Award

2021

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

College of Computing and Engineering

Advisor

Ling Wang

Committee Member

Mary Harward

Committee Member

Junping Sun

Abstract

Employees’ lack of compliance with password policies increases password susceptibility, which leads to financial damages to the organizations as a result of information disclosure, fraud, and unauthorized transactions. However, few studies have examined what motivates employees to comply with password policies.

The purpose of this quantitative cross-sectional study was to examine what factors influence employees’ compliance with password policies. A theoretical model was developed based on Protection Motivation Theory (PMT), General Deterrence Theory (GDT), Theory of Reasoned Action (TRA), and Psychological Ownership Theory to explain employees’ compliance with password policies.

A non-probability convenience sample was employed. The sample consisted of employees who work at organizations that have password policies to comply with. Only employees who use passwords to log in to the organizational accounts can participate. A total of 151 responses were collected using an adapted survey instrument with a Likert scale. Data were analyzed using the Statistical Package for the Social Science (SPSS) software and the Smart Partial Least Square (SmartPLS) software.

The results of this study revealed that self-efficacy, response efficacy, and perceived certainty sanction have a positive influence on employees’ intention to comply with password policies. Employees’ intention to comply with password policies was also found to have a positive influence on employees’ actual compliance. Conversely, the study revealed that perceived vulnerability threat, perceived severity threat, perceived severity sanction, psychological ownership, and response cost have an insignificant influence on employees’ intention to comply with password policies.

This study has practical and theoretical contributions in Information Systems (IS) literature. It bridged the existing gap by developing a theoretical model and determining what factors influence employees’ compliance with password policies. Organizations can effectively tailor initiatives by focusing on the most impactful predictors to motivate employees’ compliance with password policies.

Share

COinS