Editorial

A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead


