sponsors
usenix conference policies
You are here
Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes
Alain Forget, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor, Carnegie Mellon University; Serge Egelman and Marian Harbach, International Computer Science Institute; Rahul Telang, Carnegie Mellon University
Computer security problems often occur when there are disconnects between users' understanding of their role in computer security and what is expected of them. To help users make good security decisions more easily, we need insights into the challenges they face in their daily computer usage. We built and deployed the Security Behavior Observatory (SBO) to collect data on user behavior and machine configurations from participants' home computers. Combining SBO data with user interviews, this paper presents a qualitative study comparing users' attitudes, behaviors, and understanding of computer security to the actual states of their computers. Qualitative inductive thematic analysis of the interviews produced "engagement" as the overarching theme, whereby participants with greater engagement in computer security and maintenance did not necessarily have more secure computer states. Thus, user engagement alone may not be predictive of computer security. We identify several other themes that inform future directions for better design and research into security interventions. Our findings emphasize the need for better understanding of how users' computers get infected, so that we can more effectively design user-centered mitigations.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Alain Forget and Sarah Pearman and Jeremy Thomas and Alessandro Acquisti and Nicolas Christin and Lorrie Faith Cranor and Serge Egelman and Marian Harbach and Rahul Telang},
title = {Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes},
booktitle = {Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
year = {2016},
isbn = {978-1-931971-31-7},
address = {Denver, CO},
pages = {97--111},
url = {https://www.usenix.org/conference/soups2016/technical-sessions/presentation/forget},
publisher = {USENIX Association},
month = jun
}
connect with us