Do people always like to use more secured information systems? More restrictive measures protect information integrity and user privacy in a better way but they make the systems less convenient to use. This study tries to investigate this question by developing a construct so-called user information security readiness that measure how willing and prepared users are to adopt the security measures and study its relationship with the level of information security measures. It is hypothesized that the relationship is moderated by how important the information is to the user, or information criticality. Data were collected from a web-based experiment on security readiness towards different levels of user authentication measures for different types of information systems. The preliminary result suggests that only when the information is relatively critical to the users does the strengthening of security measures enhance their information security readiness.