Additional Information regarding Survey Reported at AMCIS 2022, by S. Mitra and J. Barlow
Procedures
Course instructors sent a link to the survey to students who agreed to participate. To retain anonymity, students were asked to upload a screenshot of the survey completion page on the course website to receive extra credit for participating. The screenshots submitted did not contain any identifiable information to link to their specific responses.
The first page of the survey was the institutional informed consent statement. This was followed by a section of questions asking about general security concerns and perceived risk regarding each one of the three sensitive actions (i.e., banking, health, personally identifiable information). These questions were asked prior to mentioning any authentication methods, in order to ascertain participants’ baseline risk and security perceptions regarding these general situations.
On the next page, the survey introduced the seven authentication methods. We asked participants their level of familiarity, use, and experience with each of these seven authentication methods.
To reduce potential survey fatigue, we asked participants questions regarding only one of the seven authentication methods for the remainder of the survey. In Qualtrics, we used randomization to assign which of the seven methods any given participant would see in both the scenarios and other questions in the last part of the survey. Before the scenarios, we asked participants their perceptions of trust, convenience, ease of use, and usefulness for the given authentication method that was assigned to them. Participants then read each of the three scenarios and a set of questions corresponding to each scenario, asking the perceptions of risk and security concerns for that given scenario. We solicited demographic information on the last page of the survey.
Survey Items
References
Course instructors sent a link to the survey to students who agreed to participate. To retain anonymity, students were asked to upload a screenshot of the survey completion page on the course website to receive extra credit for participating. The screenshots submitted did not contain any identifiable information to link to their specific responses.
The first page of the survey was the institutional informed consent statement. This was followed by a section of questions asking about general security concerns and perceived risk regarding each one of the three sensitive actions (i.e., banking, health, personally identifiable information). These questions were asked prior to mentioning any authentication methods, in order to ascertain participants’ baseline risk and security perceptions regarding these general situations.
On the next page, the survey introduced the seven authentication methods. We asked participants their level of familiarity, use, and experience with each of these seven authentication methods.
To reduce potential survey fatigue, we asked participants questions regarding only one of the seven authentication methods for the remainder of the survey. In Qualtrics, we used randomization to assign which of the seven methods any given participant would see in both the scenarios and other questions in the last part of the survey. Before the scenarios, we asked participants their perceptions of trust, convenience, ease of use, and usefulness for the given authentication method that was assigned to them. Participants then read each of the three scenarios and a set of questions corresponding to each scenario, asking the perceptions of risk and security concerns for that given scenario. We solicited demographic information on the last page of the survey.
Survey Items
- Privacy Concerns - adapted from Dinev and Hart (2004) - 5 point Likert scale ranging from Strongly Disagree to Strongly Agree
- I am concerned that the information I submit on the Internet could be misused.
- I am concerned that credit card information can be stolen while being transferred on the Internet.
- I am concerned about submitting information on the Internet, because of what others might do with it.
- I am concerned about submitting information on the Internet, because it could be used in a way I did not foresee.
- When I am online, I have the feeling of being watched.
- When I am online, I have the feeling that all my actions are being tracked and monitored.
- I am concerned that a person can find out personal information about me when I am online.
- I am concerned that the information I submit on the Internet could be misused.
- Authentication self-efficacy - adapted Computer Self-efficacy scale from Compeau & Higgins (1995) - 5 point Likert scale ranging from Not confident to Confident
- Imagine you were given a new authentication method to use on your mobile device - one that you have never used before. The following questions ask you to indicate whether you could use this unfamiliar authentication method under a variety of conditions. For each condition, please rate your confidence regarding whether you think you would be able to successfully use the authentication method. I could successfully use the authentication method on my device…
- … if there was no one around to tell me what to do as I go.
- … if I had never used a method like it before.
- … if I had only a manual for reference.
- … if I had seen someone else using it before trying it myself.
- … if I could call someone for help if I got stuck.
- … if someone else had helped me get started.
- … if I had a lot of time to complete the task on the device where it was used.
- … if I had just the built-in help facility for assistance.
- … if someone showed me how to do it first.
- … if I had used similar methods before this one to do the same job.
- … if there was no one around to tell me what to do as I go.
- Imagine you were given a new authentication method to use on your mobile device - one that you have never used before. The following questions ask you to indicate whether you could use this unfamiliar authentication method under a variety of conditions. For each condition, please rate your confidence regarding whether you think you would be able to successfully use the authentication method. I could successfully use the authentication method on my device…
- Innovativeness in IT - adapted from Yi, et al. (2006) - 5 point Likert scale ranging from Strongly Disagree to Strongly Agree
- If I heard about a new information technology, I would look for ways to experiment with it.
- Among my peers, I am usually the first to try out new information technologies.
- I like to experiment with new information technologies.
- If I heard about a new information technology, I would look for ways to experiment with it.
- Authentication Method Familiarity: How familiar are you with each of the following authentication methods? - 5 point Likert scale ranging from Not Familiar at All to Extremely Familiar
- Authentication Method History: During the time you have used a mobile device (e.g., smartphone, tablet) anytime in the past, how often have you used each of the authentication methods listed below to access your device? - 5 point Likert scale ranging from Never to Always
- Authentication Method Current Use: On any mobile devices (e.g., smartphone, tablet) that you CURRENTLY own or use, which of the authentication methods listed below do you use to access your device? [I currently use this method / I do not use this method]
- Authentication Method Availability: On any mobile devices (e.g., smartphone, tablet) that you CURRENTLY own or use, which of the authentication methods listed below are available for your use (regardless of whether or not you use them)? [This is available to me / This is not available to me / I don't know if this is available to me]
- Risk Perceptions - adapted from Pavlou (2003) - 5 point Likert scale
- How would you characterize the decision to complete this action on a mobile device? [1-Insignificant risk / 5-Significant Risk]
- How would you characterize the decision to complete this action on a mobile device? [1-Very negative / 5-Very positive]
- How would you characterize the decision to complete this action on a mobile device? [1-High potential for loss / 5-High potential for gain]
- How would you characterize the decision to complete this action on a mobile device? [1-Insignificant risk / 5-Significant Risk]
- Security Concerns - adapted from Ogbanufe and Kim (2018) - 5 point Likert scale
- I feel that completing this action on a mobile device would be: [1-Unsafe / 5-Safe]
- I feel that completing this action on a mobile device would be: [1-Not secure / 5-Secure]
- I feel that completing this action on a mobile device would be: [1-Protected / 5-Unprotected]
- I feel that completing this action on a mobile device would be: [1-Unsafe / 5-Safe]
- Perceived usefulness - adapted from Davis (1989) - 5 point Likert scale ranging from Strongly Disagree to Strongly Agree
- Using this authentication method would enable me to securely accomplish tasks more quickly.
- Using this authentication method would improve my ability to securely accomplish tasks.
- Using this authentication method would increase my ability to be productive in a safe environment.
- Using this authentication method would enhance my effectiveness in securely completing tasks.
- Using this authentication method would make it easier to securely accomplish tasks.
- I would find this authentication method useful to securely accomplish tasks.
- Using this authentication method would enable me to securely accomplish tasks more quickly.
- Trusting intentions - adapted from McKnight (2002) Willingness to Depend items - 5 point Likert scale ranging from Strongly Disagree to Strongly Agree
- On mobile devices where I complete a task that needs to be secure, I would feel comfortable depending on this authentication method.
- I can always rely on this authentication method when I use a mobile device to complete a task that needs to be secure.
- I feel that I can count on this authentication method to help when I use a mobile device to complete a task that needs to be secure.
- On mobile devices where I complete tasks that need to be secure, I would use this authentication method.
- On mobile devices where I complete a task that needs to be secure, I would feel comfortable depending on this authentication method.
- Convenience - adapted from Ogbanufe and Kim (2018) - 5 point Likert scale
- I feel that this method of authentication is: [1-Difficulty / 5-Easy]
- I feel that this method of authentication is: [1-Inconvenient / 5-Convenient]
- I feel that this method of authentication is: [1-Time-consuming / 5-Fast]
- I feel that this method of authentication is: [1-Difficulty / 5-Easy]
- Ease of use - adapted from Davis (1989) - 5 point Likert scale ranging from Strongly Disagree to Strongly Agree
- Learning to use this authentication method would be easy for me.
- I would find it easy to get this authentication method to do what I want it to do.
- My interaction with this authentication method would be clear and understandable.
- I would find this authentication method to be flexible to interact with.
- It would be easy for me to become skillful at using this authentication method.
- I would find this authentication method easy to use.
- Learning to use this authentication method would be easy for me.
- Behavioral intentions - adpated from Barlow, et al. (2018) - 5 point Likert scale ranging from Strongly Disagree to Strongly Agree
- In this situation, I would do the same as Joe.
- If I were Joe, I would have also used my smartphone with this level of authentication to complete this action.
- I think I would do what Joe did.
- I think others would do the same if they were Joe.
- In this situation, I would do the same as Joe.
References
- Barlow, J. B., Warkentin, M., Ormond, D., and Dennis, A. 2018. "Don’t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance," Journal of the Association for Information Systems (19:8), p. 3.
- Compeau, D. R., and Higgins, C. A. 1995. "Computer self-efficacy: Development of a measure and initial test," MIS Quarterly (19:2), pp. 189-211.
- Dinev, T., and Hart, P. 2004. "Internet privacy concerns and their antecedents-measurement validity and a regression model," Behaviour & Information Technology (23:6), pp. 413-422.
- McKnight, D. H., Choudhury, V., and Kacmar, C. 2002. "Developing and validating trust measures for e-commerce: An integrative typology," Information Systems Research (13:3), pp. 334-359.
- Ogbanufe, O., and Kim, D. J. 2018. "Comparing fingerprint-based biometrics authentication versus traditional authentication methods for e-payment," Decision Support Systems (106), pp. 1-14.
- Pavlou, P. A. 2003. "Consumer acceptance of electronic commerce: Integrating trust and risk with the technology acceptance model," International Journal of Electronic Commerce (7:3), pp. 101-134.
- Yi, M. Y., Jackson, J. D., Park, J. S., and Probst, J. C. 2006. "Understanding information technology acceptance by individual professionals: Toward an integrative view," Information & Management (43:3), pp. 350-363.