
An empirical study examining the perceptions and behaviours of security-conscious users of mobile authentication

Pages 320-334 | Received 28 Mar 2017, Accepted 29 Jan 2018, Published online: 15 Feb 2018

References

  • Adams, A., and M. A. Sasse. 1999. “Users are not the Enemy.” Communications of the ACM 42 (12): 40–46. doi:10.1145/322796.322806.
  • Asgharpour, F., D. Liu, and L. J. Camp. 2007. “Mental Models of Security Risks.” In Financial Cryptography and Data Security, Scarborough, Trinidad and Tobago, edited by S. Dietrich and R. Dhamija, 367–377. Berlin: Springer.
  • Aviv, A. J., and D. Fichter. 2014. “Understanding Visual Perceptions of Usability and Security of Android’s Graphical Password Pattern.” Proceedings of the 30th Annual Computer Security Applications Conference, 286–295. ACM, December. doi:10.1145/2664243.2664253.
  • Beautement, A., I. Becker, S. Parkin, K. Krol, and M. A. Sasse. 2016. “Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours.” Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO.
  • Blythe, J., and L. J. Camp. 2012. “Implementing Mental Models.” IEEE Symposium on Security and Privacy Workshops (SPW), San Francisco, CA, USA, 86–90. IEEE, May.
  • Brase, G. L., E. Y. Vasserman, and W. Hsu. 2017. “Do Different Mental Models Influence Cybersecurity Behavior? Evaluations via Statistical Reasoning Performance.” Frontiers in Psychology 8. doi:10.3389/fpsyg.2017.01929.
  • Braun, V., and V. Clarke. 2013. Successful Qualitative Research: A Practical Guide for Beginners. London: Sage.
  • Bravo-Lillo, C., L. F. Cranor, J. Downs, and S. Komanduri. 2010. “Bridging the Gap in Computer Security Warnings: a Mental Model Approach.” IEEE Security & Privacy 2: 18–26. doi:10.1109/MSP.2010.198.
  • Brooks, D. J. 2011. “Security Risk Management: A Psychometric map of Expert Knowledge Structure.” Risk Management 13 (1–2): 17–41. doi:10.1057/rm.2010.7.
  • Bureau of Labor Statistics, U.S. Department of Labor. 2015. Occupational Outlook Handbook. 2016-17 ed. Information Security Analysts Job Outlook. Accessed 6 December 2016. http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm#tab-6.
  • Camp, L. J. 2009. “Mental Models of Privacy and Security.” IEEE Technology and Society Magazine 28 (3). doi:10.1109/MTS.2009.934142.
  • Chin, E., A. P. Felt, V. Sekar, and D. Wagner. 2012. “Measuring User Confidence in Smartphone Security and Privacy.” Proceedings of the Eighth Symposium on Usable Privacy and Security, Washington, DC. ACM, July.
  • Consumer Reports Magazine. 2013. “Keep Your Phone Safe: How to Protect Yourself from Wireless Threats.” Accessed 7 December 2016. http://consumerreports.org/privacy0613.
  • De Luca, A., A. Hang, F. Brudy, C. Lindner, and H. Hussmann. 2012. “Touch Me Once and I Know It’s You!: Implicit Authentication Based on Touch Screen Patterns.” Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 987–996. ACM. doi:10.1145/2207676.2208544.
  • De Luca, A., E. von Zezschwitz, and H. Hussman. 2009. “Vibrapass: Secure Authentication Based on Shared Lies.” Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 913–916. ACM. doi:10.1145/1518701.1518840.
  • Diesner, J., P. Kumaraguru, and K. M. Carley. 2005. “Mental Models of Data Privacy and Security Extracted from Interviews with Indians.” 55th Annual Conference of the International Communication Association (ICA), New York, NY, May.
  • Egelman, S., S. Jain, R. S. Portnoff, K. Liao, S. Consolvo, and D. Wagner. 2014. “Are You Ready to Lock?” Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 750–761. ACM. doi:10.1145/2660267.2660273.
  • Fagan, M., and M. M. H. Khan. 2016. “Why Do They Do What They Do?: A Study of What Motivates Users to (Not) Follow Computer Security Advice.” Twelfth Symposium on Usable Privacy and Security (SOUPS 2016).
  • Ferreira, D., V. Kostakos, A. Beresford, J. Lindqvist, and A. K. Dey. 2015. “Securacy: An Empirical Investigation of Android Applications’ Network Usage, Privacy and Security.” Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 11. ACM. doi:10.1145/2766498.2766506.
  • Forget, A., S. Pearman, J. Thomas, A. Acquisti, N. Christin, L. F. Cranor, S. Egelman, M. Harbach, and R. Telang. 2016. “Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes.” Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO.
  • Friedman, B., D. Hurley, D. C. Howe, E. Felten, and H. Nissenbaum. 2002. “Users’ Conceptions of Web Security: A Comparative Study.” CHI’02 Extended Abstracts on Human Factors in Computing Systems, 746–747. ACM. doi:10.1145/506443.506577.
  • Hang, A., A. De Luca, and H. Hussmann. 2015. “I Know What You Did Last Week! Do you?: Dynamic Security Questions for Fallback Authentication on Smartphones.” Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 1383–1392. ACM. doi:10.1145/2702123.2702131.
  • Harbach, M., E. von Zezschwitz, A. Fichtner, A. De Luca, and M. Smith. 2014. “It’s a Hard Lock Life: A Field Study of Smartphone (un) Locking Behavior and Risk Perception.” Symposium on Usable Privacy and Security (SOUPS 2014), 213–230.
  • Imgraben, J., A. Engelbrecht, and K. K. R. Choo. 2014. “Always Connected, but are Smart Mobile Users Getting More Security Savvy? A Survey of Smart Mobile Device Users.” Behaviour & Information Technology 33 (12): 1347–1360. doi:10.1080/0144929X.2014.934286.
  • Intel Security and the Center for Strategic and International Studies. 2016. “Hacking the Skills Shortage: A Study of the International Shortage in Cybersecurity Skills.” Accessed 6 December 2016. http://www.mcafee.com/us/resources/reports/rp-hacking-skills-shortage.pdf.
  • Ion, I., R. Reeder, and S. Consolvo. 2015. “‘… No One Can Hack My Mind’: Comparing Expert and Non-expert Security Practices.” Eleventh Symposium on Usable Privacy and Security (SOUPS 2015), 327–346.
  • Kang, R., L. Dabbish, N. Fruchter, and S. Kiesler. 2015. “‘My Data Just Goes Everywhere:’ User Mental Models of the Internet and Implications for Privacy and Security.” Eleventh Symposium on Usable Privacy and Security (SOUPS 2015), 39–52.
  • Karatzouni, S., S. Furnell, N. Clarke, and R. A. Botha. 2007. “Perceptions of User Authentication on Mobile Devices.” Proceedings of the ISOneWorld Conference, Las Vegas, USA, April 11–13.
  • Lin, J., S. Amini, J. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. 2012. “Expectation and Purpose: Understanding Users’ Mental Models of Mobile app Privacy Through Crowdsourcing.” Proceedings of the 2012 ACM Conference on Ubiquitous Computing, 501–510. ACM. doi:10.1145/2370216.2370290.
  • Mare, S., M. Baker, and J. Gummeson. 2016. “A Study of Authentication in Daily Life.” Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO.
  • Melicher, W., D. Kurilova, S. M. Segreti, P. Kalvani, R. Shay, B. Ur, and M. Mazurek. 2016. “Usability and Security of Text Passwords on Mobile Devices.” Proceedings of the 2016 Annual ACM Conference on Human Factors in Computing Systems, CHI (Vol. 16). doi:10.1145/2858036.2858384.
  • Merriam, S. B., and E. J. Tisdell. 2015. Qualitative Research: A Guide to Design and Implementation. 4th ed. San Francisco, CA: John Wiley.
  • Micallef, N., M. Just, L. Baillie, M. Halvey, and H. G. Kayacik. 2015. “Why Aren’t Users Using Protection? Investigating the Usability of Smartphone Locking.” Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, 284–294. doi:10.1145/2785830.2785835.
  • Mylonas, A., D. Gritzalis, B. Tsoumas, and T. Apostolopoulos. 2013. “A Qualitative Metrics Vector for the Awareness of Smartphone Security Users.” In International Conference on Trust, Privacy and Security in Digital Business, edited by S. Furnell, C. Lambrinoudakis, and J. Lopez, 173–184. Berlin: Springer, August.
  • Norman, D. A. 2013. The Design of Everyday Things: Revised and Expanded Edition. New York: Basic Books.
  • Posey, C., T. L. Roberts, P. B. Lowry, and R. T. Hightower. 2014. “Bridging the Divide: A Qualitative Comparison of Information Security Thought Patterns Between Information Security Professionals and Ordinary Organizational Insiders.” Information & Management 51 (5): 551–567. doi:10.1016/j.im.2014.03.009.
  • Rader, E., and R. Wash. 2015. “Identifying Patterns in Informal Sources of Security Information.” Journal of Cybersecurity 1 (1): 121–144.
  • Rader, E., R. Wash, and B. Brooks. 2012. “Stories as Informal Lessons about Security.” Proceedings of the Eighth Symposium on Usable Privacy and Security. doi:10.1145/2335356.2335364.
  • Raytheon and National Cyber Security Alliance. 2016. “Securing Our Future: Closing the Cybersecurity Talent Gap.” Accessed 5 December 2016. http://www.raytheoncyber.com/rtnwcm/groups/corporate/documents/content/rtn_335212.pdf.
  • Renaud, K., M. Volkamer, and A. Renkema-Padmos. 2014. “Why Doesn’t Jane Protect her Privacy?” In Privacy Enhancing Technologies, 244–262. Springer. doi:10.1007/978-3-319-08506-7_13.
  • Safa, N. S., M. Sookhak, R. Von Solms, S. Furnell, N. A. Ghani, and T. Herawan. 2015. “Information Security Conscious Care Behaviour Formation in Organizations.” Computers & Security 53: 65–78. doi:10.1016/j.cose.2015.05.012.
  • Schaub, F., R. Deyhle, and M. Weber. 2012. “Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms.” Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia, 13. ACM. doi:10.1145/2406367.2406384.
  • Stobert, E., and R. Biddle. 2014. “The Password Life Cycle: User Behaviour in Managing Passwords.” Proceedings of the SOUPS, Menlo Park, CA, July.
  • Stobert, E., and R. Biddle. 2015. “Expert Password Management.” In International Conference on Passwords, edited by F. Stajano, S. F. Mjølsnes, G. Jenkinson, and P. Thorsheim, 3–20. Cambridge: Springer, December.
  • Trewin, S., L. Koved, C. Swart, and K. Singh. 2016. “Perceptions of Risk in Mobile Transactions.” Proceedings of the 2016 IEEE Symposium on Security and Privacy Workshops. (IBM T.J. Watson Research Center). doi:10.1109/SPW.2016.37.
  • Ur, B., J. Bees, S. M. Segreti, L. Bauer, N. Christin, and L. F. Cranor. 2016. “Do Users’ Perceptions of Password Security Match Reality?” Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI ’16), 3748–3760. New York: ACM. doi:10.1145/2858036.2858546.
  • Volkamer, M., and K. Renaud. 2013. “Mental Models – General Introduction and Review of Their Application to Human-Centred Security.” In Number Theory and Cryptography, 255–280. Berlin: Springer. doi:10.1007/978-3-642-42001-6_18.
  • von Zezschwitz, E., P. Dunphy, and A. de Luca. 2013. “Patterns in the Wild: A Field Study of the Usability of Pattern and pin-Based Authentication on Mobile Devices.” Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services, 261–270. ACM. doi:10.1145/2493190.2493231.
  • Warshaw, J., N. Taft, and A. Woodruff. 2016. “Intuitions, Analytics, and Killing Ants: Inference Literacy of High School-Educated Adults in the US.” Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO.
  • Wash, R. 2010. “Folk Models of Home Computer Security.” Proceedings of the Sixth Symposium on Usable Privacy and Security, Redmond, WA, 11. ACM, July.
  • Wash, R., E. Rader, R. Berman, and Z. Wellmer. 2016. “Understanding Password Choices: How Frequently Entered Passwords are Re-used Across Websites.” Symposium on Usable Privacy and Security (SOUPS), Denver, CO.
  • Whitten, A., and J. D. Tygar. 1999. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0.” Usenix Security (Vol. 1999), Washington, DC.
  • Wiese, O., and V. Roth. 2015. “Pitfalls of Shoulder Surfing Studies.” Proceedings of NDSS Workshop on Usable Security, San Diego, CA.
  • Wolf, F., R. Kuber, and A. J. Aviv. 2016. “Preliminary Findings from an Exploratory Qualitative Study of Security-conscious Users of Mobile Authentication.” Proceedings of the Second Workshop on Security Information Workers (WSIW) (4 pages), Denver, CO.
  • Yee, K. Y. 2002. “User Interaction Design for Secure Systems.” Internal Technical Report - UCB/CSD-02-1184. http://digitalassets.lib.berkeley.edu/techreports/ucb/text/CSD-02-1184.pdf.
