Mattson, TomAurigemma, SalRen, Jie2022-12-272022-12-272023-01-03978-0-9981331-6-42ac33262-7226-4898-95df-7a970a72bf86https://hdl.handle.net/10125/103135Most of the theories used in the behavioral security literature explain the variance in intentions to act securely. Yet, individuals often fail to act on their intentions. This disconnect is referred to as the intention-behavior gap. Most theories propose a single structural path between intentions and actual behaviors with the expectation that individuals will act on their intentions. The purpose of our paper is to investigate this intention-behavior gap in the context of the volitional adoption of information security technologies. To do so, we conducted a two-phased qualitative study of the adoption of a two-factor authentication (2FA) service. In our bottom-up investigation, we discovered emergent themes related to the four functional areas of attitudes (i.e., functional attitude theory). Our paper contributes to the behavioral security literature by suggesting that individuals must change their negative attitudes related to different functional areas to start to reduce the intention-behavior gap.10engAttribution-NonCommercial-NoDerivatives 4.0 InternationalInnovative Behavioral IS Security and Privacy Research2fa servicesand functional theory of attitudesbehavioral information securityintention-behavior gaptext10.24251/HICSS.2023.504