MIGRANT

Abstract

Password manager applications have the potential to alleviate password pain and improve password strength, yet they are not widely adopted. Password managers are dissimilar to other kinds of software tools, given that the leakage of the credentials they store could give a hacker access to all the individual's online accounts. Moreover, adoption requires a deliberate switch away from an existing (manual) password management routine. As such, traditional technology adoption models are unlikely to model password manager adoption accurately. In this paper, we propose and explain how we validated a theoretical model of smartphone password manager adoption. We commenced by carrying out exploratory interviews with 30 smartphone owners to identify factors that influence adoption. These were used to develop a model that reflects the password manager adoption process, building on migration theory. The proposed model, MIGRANT (MIGRation pAssword maNager adopTion), was validated and subsequently refined in a week-long study with 198 smartphone owners, combining self-report and observation to measure constructs. This study contributes to the information security behavioral literature by isolating the main factors that encourage or deter password manager adoption, and those that moor smartphone owners in their current practices, hindering switching. With this investigation, we introduce migration theory as a reference theory for future studies in the information security behavioral field.