Behavior Ever Follows Intention? A Validation of the Security Behavior Intentions Scale (SeBIS)

TitleBehavior Ever Follows Intention? A Validation of the Security Behavior Intentions Scale (SeBIS)
Publication TypeConference Paper
Year of Publication2016
AuthorsEgelman, S., Harbach M., & Peer E.
Published inProceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’16)
Place PublishedNew York, NY, USA

The Security Behavior Intentions Scale (SeBIS) measures the computer security attitudes of end-users. Because intentions are a prerequisite for planned behavior, the scale could therefore be useful for predicting users’ computer security behaviors. We performed three experiments to identify correlations between each of SeBIS’s four sub-scales and relevant computer security behaviors. We found that testing high on the awareness sub-scale correlated with correctly identifying a phishing website; testing high on the passwords sub-scale correlated with creating passwords that could not be quickly cracked; testing high on the updating sub-scale correlated with applying software updates; and testing high on the securement sub-scale correlated with smartphone lock screen usage (e.g., PINs). Our results indicate that SeBIS predicts certain computer security behaviors and that it is a reliable and valid tool that should be used in future research.


We would like to thank the PhoneLab team at the University of Buffalo and the Password Guessability Service at Carnegie Mellon University for their support in gathering the data. This work was supported by the FITweltweit program of the German Academic Exchange Service (DAAD); U.S. National Science Foundation awards CNS-1343433, CNS-1343451, and CNS-1528070; U.S. National Security Agency Lablet contract H98230-14-C-0140; and U.S.-Israel Binational Science Foundation award 2014626.

ICSI Research Group

Usable Security and Privacy