Eiji Hayashi, Oriana Riva, K. Strauss, A. Brush, Stuart E. Schechter
Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all-or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users' preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants' interest in new access control mechanisms designed specifically to facilitate device sharing. Fourteen participants out of 20 preferred these controls to existing security locks alone. Finally, we gauged participants' interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.
Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device's applications. Eiji Hayashi, Oriana Riva, K. Strauss, A. Brush, Stuart E. Schechter. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335359
Text-based password systems are the authentication mechanism most commonly used on computer systems. Graphical passwords have recently been proposed because the pictorial-superiority effect suggests that people have better memory for images. The most widely advocated graphical password systems are based on recognition rather than recall. This approach is favored because recognition is a more effective manner of retrieval than recall, exhibiting greater accuracy and longevity of material. However, schemes such as these combine both the use of graphical images and the use of recognition as a retrieval mechanism. This paper reports on a study that sought to address this confound by exploring the recognition of text as a novel means of authentication. We hypothesized that there would be significant differences between text recognition and text recall conditions. Our study, however, showed that the conditions were comparable; we found no significant difference in memorability. Furthermore, text recognition required more time to authenticate successfully.
Do you see your password?: applying recognition to textual passwords. Nicholas Wright, Andrew S. Patrick, R. Biddle. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335367
We measure users' attitudes toward interpersonal privacy concerns on Facebook and measure users' strategies for reconciling their concerns with their desire to share content online. To do this, we recruited 260 Facebook users to install a Facebook application that surveyed their privacy concerns, their friend network compositions, the sensitivity of posted content, and their privacy-preserving strategies. By asking participants targeted questions about people randomly selected from their friend network and posts shared on their profiles, we were able to quantify the extent to which users trust their "friends" and the likelihood that their content was being viewed by unintended audiences. We found that while strangers are the most concerning audience, almost 95% of our participants had taken steps to mitigate those concerns. At the same time, we observed that 16.5% of participants had at least one post that they were uncomfortable sharing with a specific friend---someone who likely already had the ability to view it---and that 37% raised more general concerns with sharing their content with friends. We conclude that the current privacy controls allow users to effectively manage the outsider threat, but that they are unsuitable for mitigating concerns over the insider threat---members of the friend network who dynamically become inappropriate audiences based on the context of a post.
Facebook and privacy: it's complicated. Maritza L. Johnson, Serge Egelman, S. Bellovin. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335369
Non-expert computer users regularly need to make security-relevant decisions; however, these decisions tend not to be particularly good or sophisticated. Nevertheless, their choices are not random. Where does the information come from that these non-experts base their decisions upon? We argue that much of this information comes from stories they hear from other people. We conducted a survey to ask open- and closed-ended questions about security stories people hear from others. We found that most people have learned lessons from stories about security incidents informally from family and friends. These stories impact the way people think about security, and their subsequent behavior when making security-relevant decisions. In addition, many people retell these stories to others, indicating that a single story has the potential to influence multiple people. Understanding how non-experts learn from stories, and what kinds of stories they learn from, can help us figure out new methods for helping these people make better security decisions.
Stories as informal lessons about security. E. Rader, Rick Wash, Brandon Brooks. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335364
Users are sharing and consuming enormous amounts of information through online social network interaction every day. Yet, many users struggle to control what they share to their overlapping social spheres. Google+ introduces circles, a mechanism that enables users to group friends and use these groups to control their social network feeds and posts. We present the results of a qualitative interview study on the sharing perceptions and behavior of 27 Google+ users. These results indicate that many users have a clear understanding of circles, using them to target information to those most interested in it. Yet, despite these positive perceptions, there is only moderate use of circles to control information flow. We explore reasons and risks associated with these behaviors and provide insight on the impact and open questions of this privacy mechanism.
+Your circles: sharing behavior on Google+. J. Watson, Andrew Besmer, H. Lipford. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335373
S. Patil, Gregory Norcie, Apu Kapadia, Adam J. Lee
Rapid growth in the usage of location-aware mobile phones has enabled mainstream adoption of location-sharing services (LSS). Integration with social-networking services (SNS) has further accelerated this trend. To uncover how these developments have shaped the evolution of LSS usage, we conducted an online study (N = 362) aimed at understanding the preferences and practices of LSS users in the US. We found that the main motivations for location sharing were to connect and coordinate with one's social and professional circles, to project an interesting image of oneself, and to receive rewards offered for 'checking in.' Respondents overwhelmingly preferred sharing location only upon explicit action. More than a quarter of the respondents recalled at least one instance of regret over revealing their location. Our findings suggest that privacy considerations in LSS are affected due to integration within SNS platforms and by transformation of location sharing into an interactive practice that is no longer limited only to finding people based on their whereabouts. We offer design suggestions, such as delayed disclosure and conflict detection, to enhance privacy-management capabilities of LSS.
Reasons, rewards, regrets: privacy considerations in location sharing as an interactive practice. S. Patil, Gregory Norcie, Apu Kapadia, Adam J. Lee. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335363
In order to direct and build an effective, secure mobile ecosystem, we must first understand user attitudes toward security and privacy for smartphones and how they may differ from attitudes toward more traditional computing systems. What are users' comfort levels in performing different tasks? How do users select applications? What are their overall perceptions of the platform? This understanding will help inform the design of more secure smartphones that will enable users to safely and confidently benefit from the potential and convenience offered by mobile platforms. To gain insight into user perceptions of smartphone security and installation habits, we conduct a user study involving 60 smartphone users. First, we interview users about their willingness to perform certain tasks on their smartphones to test the hypothesis that people currently avoid using their phones due to privacy and security concerns. Second, we analyze why and how they select applications, which provides information about how users decide to trust applications. Based on our findings, we present recommendations and opportunities for services that will help users safely and confidently use mobile applications and platforms.
Measuring user confidence in smartphone security and privacy. Erika Chin, A. Felt, V. Sekar, D. Wagner. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335358
Blase Ur, P. Leon, L. Cranor, Richard Shay, Yang Wang
We report results of 48 semi-structured interviews about online behavioral advertising (OBA). We investigated non-technical users' attitudes about and understanding of OBA, using participants' expectations and beliefs to explain their attitudes. Participants found OBA to be simultaneously useful and privacy invasive. They were surprised to learn that browsing history is currently used to tailor advertisements, yet they were aware of contextual targeting. Our results identify mismatches between participants' mental models and current approaches for providing users with notice and choice about OBA. Participants misinterpreted icons intended to notify them about behavioral targeting and expected that they could turn to their browser or antivirus software to control OBA. Participants had strong concerns about data collection, and the majority of participants believed that advertisers collect personally identifiable information. They also misunderstood the role of advertising networks, basing their opinions of an advertising network on that company's non-advertising activities. Participants' attitudes towards OBA were complex and context-dependent. While many participants felt tailored advertising could benefit them, existing notice and choice mechanisms are not effectively reaching users.
Smart, useful, scary, creepy: perceptions of online behavioral advertising. Blase Ur, P. Leon, L. Cranor, Richard Shay, Yang Wang. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335362
Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Timothy M. Vidas, Lujo Bauer, Nicolas Christin, L. Cranor
Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested as both secure and usable for decades. In a 1,476-participant online study, we explored the usability of 3- and 4-word system-assigned passphrases in comparison to system-assigned passwords composed of 5 to 6 random characters, and 8-character system-assigned pronounceable passwords. Contrary to expectations, system-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics we examined. Passphrases and passwords were forgotten at similar rates, led to similar levels of user difficulty and annoyance, and were both written down by a majority of participants. However, passphrases took significantly longer for participants to enter, and appear to require error-correction to counteract entry mistakes. Passphrase usability did not seem to increase when we shrunk the dictionary from which words were chosen, reduced the number of words in a passphrase, or allowed users to change the order of words.
Correct horse battery staple: exploring the usability of system-assigned passphrases. Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Timothy M. Vidas, Lujo Bauer, Nicolas Christin, L. Cranor. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335366
S. Fahl, M. Harbach, T. Muders, Matthew Smith, U. Sander
Several billion Facebook messages are sent every day. While there are many solutions to email security whose usability has been extensively studied, little work has been done in the area of message security for Facebook and even less on the usability aspects in this area. To evaluate the need for such a mechanism, we conducted a screening study with 514 participants, which showed a clear desire to protect private messages on Facebook. We therefore proceeded to analyse the usability of existing approaches and extracted key design decisions for further evaluation. Based on this analysis, we conducted a laboratory study with 96 participants to analyse different usability aspects and requirements of a Facebook message encryption mechanism. Two key findings of our study are that automatic key management and key recovery capabilities are important features for such a mechanism. Following on from these studies, we designed and implemented a usable service-based encryption mechanism for Facebook conversations. In a final study with 15 participants, we analysed the usability of our solution. All participants were capable of successfully encrypting their Facebook conversations without error when using our service, and the mechanism was perceived as usable and useful. The results of our work suggest that in the context of the social web, new security/usability trade-offs can be explored to protect users more effectively.
Helping Johnny 2.0 to encrypt his Facebook conversations. S. Fahl, M. Harbach, T. Muders, Matthew Smith, U. Sander. Symposium On Usable Privacy and Security, 2012-07-11. https://doi.org/10.1145/2335356.2335371