A Promise Is A Promise: The Effect Of Commitment Devices On Computer Security Intentions

TitleA Promise Is A Promise: The Effect Of Commitment Devices On Computer Security Intentions
Publication TypeConference Paper
Year of Publication2019
AuthorsFrik, A., Malkin N., Harbach M., Peer E., & Egelman S.
Published inProceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI 2019)

Commitment devices are a technique from behavioral economics that have been shown to mitigate the effects of present bias—the tendency to discount future risks and gains in favor of immediate gratifications. In this paper, we explore the feasibility of using commitment devices to nudge users towards complying with varying online security mitigations. Using two online experiments, with over 1,000 participants total, we offered participants the option to be reminded or to schedule security tasks in the future. We find that both reminders and commitment nudges can increase users’ intentions to install security updates and enable two-factor authentication, but not to configure automatic backups. Using qualitative data, we gain insights into the reasons for postponement and how to improve future nudges. We posit that current nudges may not live up to their full potential, as the timing options offered to users may be too rigid. 


This work was made possible by the U.S. National Science Foundation through grants CNS-1528070 and CNS-1817249, the U.S.–Israel Binational Science Foundation through grants 2014626 and 2017751, the Center of Long-Term Cybersecurity (CLTC) at U.C. Berkeley, as well as feedback from Arunesh Mathur and Refjohürs Lykkewe. 

ICSI Research Group

Usable Security and Privacy