We examine the effect of information security policy on the likelihood of password sharing in a simulated work environment where ethical values are also expected to guide individuals to do the “right thing.” Graduate and undergraduate students who participated in our study received a “reminder” of the organizational information security policy or a “reminder” of the code of ethics while they were completing the experimental tasks. All participants were asked to share their password with their trusted assistant; the password was either for their desktop or for a spreadsheet containing sensitive customer information. Our results suggest that presenting the organizational information security policy was associated with a lower likelihood of password sharing than presenting the code of ethics. In addition, the participants did not differentiate between the type of password requested for desktop access and for spreadsheet access. Our study provides timely and practical insights to improve security of systems.

Data Availability: Data available from the first author.

You do not currently have access to this content.