Online Security Behaviour: Factors Influencing Intention to Adopt Two-Factor Authentication

Two-factor authentication (2FA) is a protective technology designed to increase the security of online accounts. The enhanced security is achieved by using two layers of authentication to facilitate a login process so that should one layer become compromised (e.g. a password), the second layer will still ensure that the account is protected. Considering the prevalence of cybercrime and in particular, password attacks, it is important to examine the behaviour of individuals in terms of the effort they make to protect their online account(s). Studies surrounding 2FA have focused on the various technologies supporting it as well as issues concerning its usability and convenience. In general, users fail to protect themselves online due to the effort that is required. Enhanced security means increased effort and inconvenience, and although risks are present and perceived by Internet users, sufficient effort to protect their online accounts is not made. This study made use of a Protection Motivation Theory (PMT) approach in trying to understand the behaviour of Internet users surrounding their intentions to adopt 2FA to protect their online account(s). The PMT model is adapted to include an additional concept focusing on 'Technology Awareness'. Empirical data was collected using an online survey, with 209 responses analysed using Partial Least Squares Structural Equation Modelling (PLS-SEM). Results were in line with other protective technology literature in terms of the perception of online threat vulnerability and severity being less significant in determining behavioural intention than the perception of the technology itself. The results show that the perception of (1) the difficulty associated with using the 2FA technology (response costs) and (2) the effectiveness of the 2FA technology (response efficacy) prove to be significant in determining behavioural intention to adopt 2FA as protective technology. Lastly, awareness of online security issues and solutions was relevant in the adapted PMT model and significantly influenced intention.