1. Short Paper: Organizational Security: Implementing a Risk-Reduction-Based Incentivization Model for MFA Adoption
- Author
-
L. Jean Camp, Sanchari Das, and Andrew Kim
- Subjects
Authentication ,Knowledge management ,Work (electrical) ,business.industry ,Computer science ,Short paper ,Control (management) ,Organizational security ,Survey data collection ,Multi-factor authentication ,business ,Security awareness - Abstract
Multi-factor authentication (MFA) is a useful measure for strengthening authentication. Despite its security effectiveness, the adoption of MFA tools remains low. To create more human-centric authentication solutions, we designed and evaluated the efficacy of a risk-reduction-based incentivization model and implemented our proposed model in a large-scale organization with more than 92, 025 employees, and collected survey data from 287 participants and interviewed 41 participants. We observed negative perceptions and degraded understandings of MFA technology due to the absence of proper risk and benefit communication in the control group. Meanwhile, the experimental group employees showed positive perceptions of MFA use for their work and personal accounts. Our analysis and implementation strategy are critical for reducing users’ risks, creating positive security tool usage experiences, and motivating users to enhance their security practices.
- Published
- 2021