In the face of rising cybersecurity threats, many internet users continue to neglect essential security actions, such as installing updates or changing compromised passwords. A new study led by Prof. Eyal Pe'er from the Federmann School of Public Policy at the Hebrew University of Jerusalem reveals that offering users the option to delay these tasks, combined with commitment nudges and reminders, significantly increases the likelihood of users eventually completing these important actions.

The findings are published in the journal ACM Transactions on Computer-Human Interaction.

The research, conducted through a series of online experiments, focused on understanding how these "nudges" could affect users' willingness to change a compromised password. The findings are promising: When given the option to delay the task, a considerable number of participants chose to change their password later, resulting in a higher overall compliance rate without considerably reducing the number of users who opted to change their password immediately.

The study found that participants who made a promise to change their password later or requested a reminder were much more likely to follow through on their . The effect was further enhanced when participants were reminded of their previous commitment, leading to a net positive impact on cybersecurity behavior.

"Security tasks often interrupt users at inconvenient times, leading to procrastination or outright neglect," explained Prof. Pe'er. "Our shows that by allowing users to delay these and commit to completing them later, we can significantly increase the rate at which users complete critical security actions. This approach offers a practical behavioral solution to a common problem in online security."

The implications of this study are far-reaching, offering a simple yet effective strategy to improve cybersecurity compliance among . By incorporating delay options and commitment nudges into security protocols, and services can better protect their users from potential threats.

More information: Eyal Peer et al, "Protect Me Tomorrow": Commitment Nudges to Remedy Compromised Passwords, ACM Transactions on Computer-Human Interaction (2024). DOI: 10.1145/3689038

