Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage a university case study

Tietomurrot aiheuttavat yhä enenevissä määrin huolta, sillä ne voivat vahingoittaa merkittävästi ihmisiä, organisaatioita ja yhteiskuntia. Pelkät tehokkaat teknologiset työkalut eivät yksin takaa, että arkaluonteiset tiedot olisivat suojassa luvattomalta käytöltä – myös loppukäyttäjien tulee toimia...

Full description

Bibliographic Details
Main Author: Haapaniemi, Heidi
Other Authors: Faculty of Information Technology, Informaatioteknologian tiedekunta, Information Technology, Informaatioteknologia, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language:eng
Published: 2024
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/94575
_version_ 1826225736782970880
author Haapaniemi, Heidi
author2 Faculty of Information Technology Informaatioteknologian tiedekunta Information Technology Informaatioteknologia University of Jyväskylä Jyväskylän yliopisto
author_facet Haapaniemi, Heidi Faculty of Information Technology Informaatioteknologian tiedekunta Information Technology Informaatioteknologia University of Jyväskylä Jyväskylän yliopisto Haapaniemi, Heidi Faculty of Information Technology Informaatioteknologian tiedekunta Information Technology Informaatioteknologia University of Jyväskylä Jyväskylän yliopisto
author_sort Haapaniemi, Heidi
datasource_str_mv jyx
description Tietomurrot aiheuttavat yhä enenevissä määrin huolta, sillä ne voivat vahingoittaa merkittävästi ihmisiä, organisaatioita ja yhteiskuntia. Pelkät tehokkaat teknologiset työkalut eivät yksin takaa, että arkaluonteiset tiedot olisivat suojassa luvattomalta käytöltä – myös loppukäyttäjien tulee toimia turvallisella tavalla. Vaikka tietoturva on vahvasti riippuvainen käyttäjistä, ei heidän käyttäytymistään eikä varsinkaan sopeutumatonta käyttäytymistä ole tutkittu tarpeeksi. Tässä pro gradu -tutkielmassa tätä alitutkittua aihetta käsitellään tutkimalla käsityksiä ja selviytymismenetelmiä, joiden on todettu vaikuttavan käyttäjien käyttäytymiseen heidän kohdatessaan uhkia. Tutkimukseen sisällytettiin kaksi adaptiivista selviytymismenetelmää, vahvat salasanat ja monivaiheinen tunnistautuminen, sekä yksi epäadaptiivinen selviytymismenetelmä, suojautuva välttely. Tapaustutkimuksessa selvitettiin, oliko opiskelijoiden, jotka olivat vapaaehtoisesti aktivoineet monivaiheisen tunnistautumisen yliopiston käyttäjätililleen, ja opiskelijoiden, jotka eivät olleet aktivoineet sitä, välillä eroja käsityksissä ja aikomuksissa käyttää tutkittuja selviytymismenetelmiä. Aineisto kerättiin verkkokyselyllä, joka lähetettiin rajatulle joukolle Jyväskylän yliopiston opiskelijoista, ja se analysoitiin kvantitatiivisesti. Tutkimuksessa selvisi, että vapaaehtoisesti monivaiheisen tunnistautumisen aktivoineilla opiskelijoilla ei ollut korkeampaa uhkakuvaa eikä enempää tietoa, mutta he kokivat kykynsä käyttää monivaiheista tunnistautumista (minäpystyvyys) paremmaksi ja sen käyttämiseen vaadittavan vaivan (kustannukset) pienemmäksi verrattuna toiseen ryhmään. Aikomukset käyttää vahvoja salasanoja ja suojautuvaa välttelyä olivat molemmissa tutkituissa ryhmissä samalla tasolla. Tulokset osoittavat, että muutettaessa organisaatiossa käytettäviä tunnistautumismenetelmiä on hyödyllistä ottaa huomioon erityisesti minäpystyvyys ja kustannukset käyttäjän näkökulmasta. Kaiken kaikkiaan, käyttäjiä paremmin ymmärtämällä on mahdollista tarjota heille tukea tunnistautumismenetelmien käytössä ja siten parantaa organisaation turvallisuutta, mikä puolestaan voi auttaa vähentämään tietovuotoja, mainehaittoja ja taloudellisia menetyksiä. On kuitenkin selvää, että selviytymismekanismeja on syytä tutkia lisää erityisesti uhkien arviointitekijöiden vaikutusten ja epäadaptiivisen selviytymiskäyttäytymisen roolin selkiyttämiseksi tietoturvan kontekstissa. Data breaches are a growing concern since they can significantly harm people, organizations, and societies. To protect sensitive data against unauthorized access, efficient technological tools alone do not guarantee security – end users should also act in a secure way. Even though information security heavily depends on users, their behavior and especially maladaptive behavior has been understudied. This thesis addressed this gap by studying several perceptions that have been identified to affect users’ behavior and coping methods when faced with a threat. Two adaptive coping methods, strong passwords and multifactor authentication, as well as one maladaptive coping method, defensive avoidance, were included in the study. The case study examined whether there were differences in perceptions and intentions to use the studied coping methods between students who had voluntarily activated multifactor authentication for their university user account and students who had not activated it. The data was collected by an online survey sent to a selected group of students at the University of Jyväskylä and analyzed quantitatively. The study found that students who voluntarily activated multifactor authentication did not have any higher perceptions of threat nor more knowledge, but they found their capability to use multifactor authentication (self-efficacy) higher and the effort required to use it (response costs) lower compared to the other group. The intentions to use strong passwords and defensive avoidance were found to be at similar levels in both studied groups. The results indicate that when making changes in the authentication methods used at an organization, it is useful to consider especially the self-efficacy and the response costs from the user’s point of view. Overall, through understanding the user better it is possible to support users in the use of authentication methods and thus improve the organization’s security, which in turn can help in reducing security breaches, reputational damages, and financial losses. It is, however, evident that more research into coping mechanisms is needed, especially to further clarify the effects of threat appraisal and the role of maladaptive coping behaviors in the context of information security.
first_indexed 2024-04-30T20:00:45Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Woods, Naomi", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Haapaniemi, Heidi", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-04-30T06:17:08Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-04-30T06:17:08Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/94575", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tietomurrot aiheuttavat yh\u00e4 eneneviss\u00e4 m\u00e4\u00e4rin huolta, sill\u00e4 ne voivat vahingoittaa merkitt\u00e4v\u00e4sti ihmisi\u00e4, organisaatioita ja yhteiskuntia. Pelk\u00e4t tehokkaat teknologiset ty\u00f6kalut eiv\u00e4t yksin takaa, ett\u00e4 arkaluonteiset tiedot olisivat suojassa luvattomalta k\u00e4yt\u00f6lt\u00e4 \u2013 my\u00f6s loppuk\u00e4ytt\u00e4jien tulee toimia turvallisella tavalla. Vaikka tietoturva on vahvasti riippuvainen k\u00e4ytt\u00e4jist\u00e4, ei heid\u00e4n k\u00e4ytt\u00e4ytymist\u00e4\u00e4n eik\u00e4 varsinkaan sopeutumatonta k\u00e4ytt\u00e4ytymist\u00e4 ole tutkittu tarpeeksi. T\u00e4ss\u00e4 pro gradu -tutkielmassa t\u00e4t\u00e4 alitutkittua aihetta k\u00e4sitell\u00e4\u00e4n tutkimalla k\u00e4sityksi\u00e4 ja selviytymismenetelmi\u00e4, joiden on todettu vaikuttavan k\u00e4ytt\u00e4jien k\u00e4ytt\u00e4ytymiseen heid\u00e4n kohdatessaan uhkia. Tutkimukseen sis\u00e4llytettiin kaksi adaptiivista selviytymismenetelm\u00e4\u00e4, vahvat salasanat ja monivaiheinen tunnistautuminen, sek\u00e4 yksi ep\u00e4adaptiivinen selviytymismenetelm\u00e4, suojautuva v\u00e4lttely. Tapaustutkimuksessa selvitettiin, oliko opiskelijoiden, jotka olivat vapaaehtoisesti aktivoineet monivaiheisen tunnistautumisen yliopiston k\u00e4ytt\u00e4j\u00e4tililleen, ja opiskelijoiden, jotka eiv\u00e4t olleet aktivoineet sit\u00e4, v\u00e4lill\u00e4 eroja k\u00e4sityksiss\u00e4 ja aikomuksissa k\u00e4ytt\u00e4\u00e4 tutkittuja selviytymismenetelmi\u00e4. Aineisto ker\u00e4ttiin verkkokyselyll\u00e4, joka l\u00e4hetettiin rajatulle joukolle Jyv\u00e4skyl\u00e4n yliopiston opiskelijoista, ja se analysoitiin kvantitatiivisesti. Tutkimuksessa selvisi, ett\u00e4 vapaaehtoisesti monivaiheisen tunnistautumisen aktivoineilla opiskelijoilla ei ollut korkeampaa uhkakuvaa eik\u00e4 enemp\u00e4\u00e4 tietoa, mutta he kokivat kykyns\u00e4 k\u00e4ytt\u00e4\u00e4 monivaiheista tunnistautumista (min\u00e4pystyvyys) paremmaksi ja sen k\u00e4ytt\u00e4miseen vaadittavan vaivan (kustannukset) pienemm\u00e4ksi verrattuna toiseen ryhm\u00e4\u00e4n. Aikomukset k\u00e4ytt\u00e4\u00e4 vahvoja salasanoja ja suojautuvaa v\u00e4lttely\u00e4 olivat molemmissa tutkituissa ryhmiss\u00e4 samalla tasolla. Tulokset osoittavat, ett\u00e4 muutettaessa organisaatiossa k\u00e4ytett\u00e4vi\u00e4 tunnistautumismenetelmi\u00e4 on hy\u00f6dyllist\u00e4 ottaa huomioon erityisesti min\u00e4pystyvyys ja kustannukset k\u00e4ytt\u00e4j\u00e4n n\u00e4k\u00f6kulmasta. Kaiken kaikkiaan, k\u00e4ytt\u00e4ji\u00e4 paremmin ymm\u00e4rt\u00e4m\u00e4ll\u00e4 on mahdollista tarjota heille tukea tunnistautumismenetelmien k\u00e4yt\u00f6ss\u00e4 ja siten parantaa organisaation turvallisuutta, mik\u00e4 puolestaan voi auttaa v\u00e4hent\u00e4m\u00e4\u00e4n tietovuotoja, mainehaittoja ja taloudellisia menetyksi\u00e4. On kuitenkin selv\u00e4\u00e4, ett\u00e4 selviytymismekanismeja on syyt\u00e4 tutkia lis\u00e4\u00e4 erityisesti uhkien arviointitekij\u00f6iden vaikutusten ja ep\u00e4adaptiivisen selviytymisk\u00e4ytt\u00e4ytymisen roolin selkiytt\u00e4miseksi tietoturvan kontekstissa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Data breaches are a growing concern since they can significantly harm people, organizations, and societies. To protect sensitive data against unauthorized access, efficient technological tools alone do not guarantee security \u2013 end users should also act in a secure way. Even though information security heavily depends on users, their behavior and especially maladaptive behavior has been understudied. This thesis addressed this gap by studying several perceptions that have been identified to affect users\u2019 behavior and coping methods when faced with a threat. Two adaptive coping methods, strong passwords and multifactor authentication, as well as one maladaptive coping method, defensive avoidance, were included in the study. The case study examined whether there were differences in perceptions and intentions to use the studied coping methods between students who had voluntarily activated multifactor authentication for their university user account and students who had not activated it. The data was collected by an online survey sent to a selected group of students at the University of Jyv\u00e4skyl\u00e4 and analyzed quantitatively. The study found that students who voluntarily activated multifactor authentication did not have any higher perceptions of threat nor more knowledge, but they found their capability to use multifactor authentication (self-efficacy) higher and the effort required to use it (response costs) lower compared to the other group. The intentions to use strong passwords and defensive avoidance were found to be at similar levels in both studied groups. The results indicate that when making changes in the authentication methods used at an organization, it is useful to consider especially the self-efficacy and the response costs from the user\u2019s point of view. Overall, through understanding the user better it is possible to support users in the use of authentication methods and thus improve the organization\u2019s security, which in turn can help in reducing security breaches, reputational damages, and financial losses. It is, however, evident that more research into coping mechanisms is needed, especially to further clarify the effects of threat appraisal and the role of maladaptive coping behaviors in the context of information security.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2024-04-30T06:17:08Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-04-30T06:17:08Z (GMT). No. of bitstreams: 0\n Previous issue date: 2024", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "96", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "data breach", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "protection motivation theory", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "coping behavior", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "suojelumotivaatioteoria", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "selviytymisk\u00e4ytt\u00e4ytyminen", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tunnistautuminen", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202404303203", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": null, "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietomurto", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "salasanat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "todentaminen", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "data break-in", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "passwords", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "authentication", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
id jyx.123456789_94575
language eng
last_indexed 2025-02-18T10:54:16Z
main_date 2024-01-01T00:00:00Z
main_date_str 2024
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/f13a7100-c839-4359-8b85-486e420430b1\/download","text":"URN:NBN:fi:jyu-202404303203.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2024
record_format qdc
source_str_mv jyx
spellingShingle Haapaniemi, Heidi Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study data breach protection motivation theory coping behavior suojelumotivaatioteoria selviytymiskäyttäytyminen tunnistautuminen Information Systems Science Tietojärjestelmätiede 601 tietomurto kyberturvallisuus salasanat todentaminen data break-in cyber security passwords authentication
title Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study
title_full Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study
title_fullStr Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study
title_full_unstemmed Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study
title_short Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage
title_sort exploring perceptions and coping behaviors regarding imposed multifactor authentication usage a university case study
title_sub a university case study
title_txtP Exploring perceptions and coping behaviors regarding imposed multifactor authentication usage : a university case study
topic data breach protection motivation theory coping behavior suojelumotivaatioteoria selviytymiskäyttäytyminen tunnistautuminen Information Systems Science Tietojärjestelmätiede 601 tietomurto kyberturvallisuus salasanat todentaminen data break-in cyber security passwords authentication
topic_facet 601 Information Systems Science Tietojärjestelmätiede authentication coping behavior cyber security data breach data break-in kyberturvallisuus passwords protection motivation theory salasanat selviytymiskäyttäytyminen suojelumotivaatioteoria tietomurto todentaminen tunnistautuminen
url https://jyx.jyu.fi/handle/123456789/94575 http://www.urn.fi/URN:NBN:fi:jyu-202404303203
work_keys_str_mv AT haapaniemiheidi exploringperceptionsandcopingbehaviorsregardingimposedmultifactorauthenticationu