User Security Needs

会議の名前
CHI 2024
A First Look into Targeted Clickbait and its Countermeasures: The Power of Storytelling
要旨

Clickbait headlines work through superlatives and intensifiers, creating information gaps to increase the relevance of their associated links that direct users to time-wasting and sometimes even malicious websites. This approach can be amplified using targeted clickbait that takes publicly available information from social media to align clickbait to users' preferences and beliefs. In this work, we first conducted preliminary studies to understand the influence of targeted clickbait on users' clicking behavior. Based on our findings, we involved 24 users in the participatory design of story-based warnings against targeted clickbait. Our analysis of user-created warnings led to four design variations, which we evaluated through an online survey over Amazon Mechanical Turk. Our findings show the significance of integrating information with persuasive narratives to create effective warnings against targeted clickbait. Overall, our studies provide valuable insights into understanding users' perceptions and behaviors towards targeted clickbait, and the efficacy of story-based interventions.

著者
Ankit Shrestha
Utah State University, Logan, Utah, United States
Audrey Flood
Utah State University, Logan, Utah, United States
Saniat Sohrawardi
Rochester Institute of Technology, Rochester, New York, United States
Matthew Wright
Rochester Institute of Technology, Rochester, New York, United States
Mahdi Nasrullah Al-Ameen
Utah State University, Logan, Utah, United States
論文URL

https://doi.org/10.1145/3613904.3642301

動画
Not as easy as just update: Survey of System Administrators and Patching Behaviours
要旨

Patching software theoretically leads to improvements including security critical changes, but it can also lead to new issues. For System Administrators (sysadmins) new issues can negatively impact operations at their organization. While mitigation options like test environments exist, little is known about their prevalence or how contextual factors like size of organization impact the practice of Patch Management. We surveyed 220 sysadmins engaged in Patch Management to investigate self-reported behaviors. We found that dedicated testing environments are not as prevalent as previously assumed. We also expand on known behaviours that sysadmins perform when facing a troublesome patch, such as employing a range of problem solving behaviours to inform their patching decisions.

著者
Adam D G. Jenkins
King's College London, London, United Kingdom
Linsen Liu
University of Edinburgh, Edinburgh, United Kingdom
Maria K. Wolters
OFFIS, Oldenburg, Germany
Kami Vaniea
Uniersity of Waterloo, Waterloo, Ontario, Canada
論文URL

https://doi.org/10.1145/3613904.3642456

動画
Understanding User-Perceived Security Risks and Mitigation Strategies in the Web3 Ecosystem
要旨

The advent of Web3 technologies promises unprecedented levels of user control and autonomy. However, this decentralization shifts the burden of security onto the users, making it crucial to understand their security behaviors and perceptions. To address this, our study introduces a comprehensive framework that identifies four core components of user interaction within the Web3 ecosystem: blockchain infrastructures, Web3-based Decentralized Applications (DApps), online communities, and off-chain cryptocurrency platforms. We delve into the security concerns perceived by users in each of these components and analyze the mitigation strategies they employ, ranging from risk assessment and aversion to diversification and acceptance. We further discuss the landscape of both technical and human-induced security risks in the Web3 ecosystem, identify the unique security differences between Web2 and Web3, and highlight key challenges that render users vulnerable, to provide implications for security design in Web3.

著者
Janice Jianing SI
University of Macau, Macao, China
Tanusree Sharma
University of Illinois at Urbana-Champaign, Champaign, Illinois, United States
Kanye Ye WANG
University of Macau, Macao, China
論文URL

https://doi.org/10.1145/3613904.3642291

動画
Self-Efficacy and Security Behavior: Results from a Systematic Review of Research Methods
要旨

Amidst growing IT security challenges, psychological underpinnings of security behaviors have received considerable interest, e.g. cybersecurity Self-Efficacy (SE), the belief in one’s own ability to enact cybersecurity-related skills. Due to diverging definitions and proposed mechanisms, research methods in this field vary considerably, potentially impeding replicable evidence and meaningful research synthesis. We report a preregistered systematic literature review investigating (a) cybersecurity SE measures, (b) SE’s proposed roles, and (c) intervention approaches. We minimized selection bias by detailed exclusion criteria, interdisciplinary search strategy, and double coding. Among 174 cybersecurity SE studies (2010-2021) from 18 databases with 55,758 subjects, we identified 173 different SE measures with considerable differences in psychometric quality and validity evidence. We found 276 variables as assumed causes/outcomes of cybersecurity SE and identified 13 intervention designs. This review demonstrates the extent of methodological and conceptual fragmentation in cybersecurity SE research. We offer recommendations to inspire our research community toward standardization.

著者
Nele Borgert
Ruhr University Bochum, Bochum, Germany
Luisa Jansen
Ruhr University Bochum, Bochum, Germany
Imke Böse
Ruhr University Bochum, Bochum, Germany
Jennifer Friedauer
Ruhr University Bochum, Bochum, Germany
Angela Sasse
Ruhr University Bochum, Bochum, Germany
Malte Elson
University of Bern, Bern, Switzerland
論文URL

https://doi.org/10.1145/3613904.3642432

動画
A Comparative Long-Term Study of Fallback Authentication Schemes
要旨

Fallback authentication, the process of re-establishing access to an account when the primary authenticator is unavailable, holds critical significance. Approaches range from secondary channels like email and SMS to personal knowledge questions (PKQs) and social authentication. A key difference to primary authentication is that the duration between enrollment and authentication can be much longer, typically months or years. However, few systems have been studied over extended timeframes, making it difficult to know how well these systems truly help users recover their accounts. We also lack meaningful comparisons of schemes as most prior work examined two mechanisms at most. We report the results of a long-term user study of the usability of fallback authentication over 18 months to provide a fair comparison of the four most commonly used fallback authentication methods. We show that users prefer email and SMS-based methods, while mechanisms based on PKQs and trustees lag regarding successful resets and convenience.

受賞
Honorable Mention
著者
Leona Lassak
Ruhr University Bochum, Bochum, Germany
Philipp Markert
Ruhr University Bochum, Bochum, Germany
Maximilian Golla
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Elizabeth Stobert
Carleton University, Ottawa, Ontario, Canada
Markus Dürmuth
Leibniz University Hannover, Hannover, Germany
論文URL

https://doi.org/10.1145/3613904.3642889

動画