Advanced search
Publication Cover
International Journal of Human–Computer Interaction Volume 33, 2017 - Issue 11
Submit an article Journal homepage
920
Views
16
CrossRef citations to date
0
Altmetric
Articles

A Study on Designing Video Tutorials for Promoting Security Features: A Case Study in the Context of Two-Factor Authentication (2FA)

Yusuf AlbayramDepartment of Computer Science and Engineering, University of Connecticut, Storrs, Connecticut, USACorrespondence[email protected]
View further author information
,
Mohammad Maifi Hasan KhanDepartment of Computer Science and Engineering, University of Connecticut, Storrs, Connecticut, USAView further author information
&
Michael FaganDepartment of Computer Science and Engineering, University of Connecticut, Storrs, Connecticut, USAView further author information
Pages 927-942 | Published online: 11 Apr 2017

References

  • 2FAAdoptionRates. (2014). Paul Moore: Two factor authentication adoption rates. Retrieved from https://goo.gl/7On5LJ
  • Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behavioral Information Technological, 33 (3), 236–247. doi:10.1080/0144929X.2012.708787
  • Benoit, W. L., Van Eemeren, F., Grootendorst, R., Blair, J., & Willard, C. A. (1987). Argument evaluation. Presented at Argumentation: Across the lines of discipline: Proceedings of the conference on argumentation 1986 (Vol. 3, pp. 299), Amsterdam, Netherlands.
  • Blythe, J., Camp, J., & Garg, V. (2011). Targeted risk communication for computer security. In Proceedings of the 16th international conference on intelligent user interfaces (pp. 295–298), New York, NY. doi:10.1145/1943403.1943449
  • Carr, A., & Ly, P. (2009). “More than words”: Screencasting as a reference tool. Reference Services Review, 37 (4), 408–420.
  • Clark, J. M., & Paivio, A. (1991). Dual coding theory and education. Educational Psychology Review, 3 (3), 149–210.
  • Clarke, N., Furnell, S., Stewart, G., & Lacey, D. (2012). Death by a thousand facts: Criticising the technocratic approach to information security awareness. Information Management & Computer Security, 20 (1), 29–38.
  • CNN-Money. (2013). 2 million Facebook, Gmail and twitter passwords stolen in massive hack. Retrieved from http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/
  • Council, F. (2011). Supplement to authentication in an internet banking environment. Retrieved from http://www.ffiec.gov/pdf/Auth-ITS-Final,206–222
  • Das, S., Kramer, A. D., Dabbish, L. A., & Hong, J. I. (2014). Increasing security sensitivity with social proof: A large-scale experimental confirmation. In Proceedings of the 2014 ACM SIGSAC conference on computer and communications security (pp. 739–749), New York, NY. doi:10.1145/2660267.2660271
  • Das, S., Kramer, A. D., Dabbish, L. A., & Hong, J. I. (2015). The role of social influence in security feature adoption. In Proceedings of the 18th ACM conference on computer supported cooperative work & social computing (pp. 1416–1426)., New York, NY. doi:10.1145/2675133.2675225
  • Data breaches. (2016). Retrieved from http://data-breach.silk.co/
  • Davis, F. D. (1993). User acceptance of information technology: System characteristics, user perceptions and behavioral impacts. International Journal of Man-Machine Studies, 38 (3), 475–487.
  • DuoBlog. (2015). Estimating Google’s two-factor (2sv) adoption with pen, paper, and poor math. Retrieved from https://duo.com/blog/estimating-googles-two-factor-2sv-adoption
  • FacebookGuru. (2015). 5 things that Facebook’s security guru says every user should do to be safe online. Retrieved from http://www.businessinsider.com/facebook-security-rules-2015-9
  • Fagan, M., & Khan, M. M. H. (2016). Why do they do what they do?: A study of what motivates users to (not) follow computer security advice. Presented at Twelfth symposium on usable privacy and security (SOUPS 2016) (pp. 59–75), Denver, CO.
  • Forget, A., Chiasson, S., & Biddle, R. (2012). Supporting learning of an unfamiliar authentication scheme. Presented at E-learn: World conference on e-learning in corporate, government, healthcare, and higher education (Vol. 2012, pp. 1002–1011), Montreal, Quebec, Canada.
  • Forget, A., Chiasson, S., Van Oorschot, P. C., & Biddle, R. (2008). Improving text passwords through persuasion. In Proceedings of the 4th symposium on usable privacy and security (pp. 1–12). New York, NY. doi:10.1145/1408664.1408666
  • Fram, E. H., & Grady, D. B. (1997). Internet shoppers: Is there a surfer gender gap? Direct Marketing-Garden City, 59 (9), 46–51.
  • Fuse, I., Okabe, S., Yamanoue, T., Nakamura, A., Nakanishi, M., Fukada, S., Tagawa, T., Takeo, T., Murata, I., Uehara, T., & Yamada, T. (2008). Improving computer ethics video clips for higher education. In Proceedings of the 36th annual ACM SIGUCCS fall conference: Moving mountains, blazing trails (pp. 235–242), New York, NY. doi:10.1145/1449956.1450028
  • Garg, V., Camp, L. J., Connelly, K., & Lorenzen-Huber, L. (2012). Risk communication design: Video vs. text. In S. Fischer-Hu¨bner & M. Wright (Eds.), Privacy enhancing technologies: 12th international symposium, pets 2012, Vigo, Spain, July 11–13, 2012 proceedings (pp. 279–298). Berlin, Heidelberg: Springer Berlin Heidelberg.
  • Grosse, E., & Upadhyay, M. (2013). Authentication at scale. Security & Privacy, IEEE, 11 (1), 15–22.
  • Guo, P. J., Kim, J., & Rubin, R. (2014). How video production affects student engagement: An empirical study of MOOC videos. In Proceedings of the first acm conference on learning at scale conference (pp. 41–50). New York, NY. doi:10.1145/2556325.2566239
  • Harbach, M., Fahl, S., & Smith, M. (2014). Who’s afraid of which bad wolf? A survey of it security risk awareness. In Proceedings of the 2014 IEEE 27th computer security foundations symposium (pp. 97–110). Washington, DC. doi:10.1109/CSF.2014.15
  • Hardin, J. W., Hilbe, J. M., & Hilbe, J. (2007). Generalized linear models and extensions. College Station, TX: Stata Press.
  • Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J., & Rao, H. R. (2014). Security services as coping mechanisms: An investigation into user intention to adopt an email authentication service. Information Systems Journal, 24 (1), 61–84.
  • Herley, C. (2009). So long, and no thanks for the externalities: The rational rejection of security advice by users. In Proceedings of the 2009 workshop on new security paradigms workshop (pp. 133–144), Oxford, UK.
  • Herley, C. (2014). More is not the answer. IEEE Security & Privacy, 12 (1), 14–19.
  • Herron, C., York, H., Corrie, C., & Cole, S. P. (2006). A comparison study of the effects of a story-based video instructional package versus a text-based instructional package in the intermediate-level foreign language classroom. Calico Journal, 23 (2), 281–307.
  • HonanHack. (2012). M. Honan, “How Apple and Amazon security flaws led to my epic hacking,” wired. Retrieved from http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking
  • Howe, A. E., Ray, I., Roberts, M., Urbanska, M., & Byrne, Z. (2012, May). The psychology of security for the home computer user. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, San Francisco, CA.
  • Huang, D.-L., Rau, P.-L. P., Salvendy, G., Gao, F., & Zhou, J. (2011). Factors affecting perception of information security and their impacts on it adoption and security practices. International Journal of Human-Computer Studies, 69 (12), 870–883.
  • Huhmann, B. A., Mothersbaugh, D. L., & Franke, G. R. (2002). Rhetorical figures in headings and their effect on text processing: The moderating role of information relevance and text length. IEEE Transactions on Professional Communication, 45 (3), 157–169.
  • Ion, I., Reeder, R., & Consolvo, S. (2015, July). “…no one can hack my mind”: Comparing expert and non-expert security practices. Presented at Eleventh symposium on usable privacy and security (SOUPS 2015) (pp. 327–346). Ottawa, Canada. Retrieved from https://www.usenix.org/conference/soups2015/proceedings/presentation/ion
  • Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F., & Hong, J. (2010). Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT), 10 (2), 7.
  • Landis, J. R., & Koch, G. G. (1977). The measurement of observer agreement for categorical data. Biometrics, 33 (1), 159–174.
  • Levi, B. H. (2007). Addressing parents’ concerns about childhood immunizations: A tutorial for primary care providers. Pediatrics, 120 (1), 18–26.
  • Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33 (1), 71–90.
  • Linkedin: Hashed passwords breached. (2012). Retrieved June 09 2016, from http://www.inforisktoday.com/linkedin-hashed-passwords-breached-a-4837
  • Mayer, R. E., & Sims, V. K. (1994). For whom is a picture worth a thousand words? Extensions of a dual-coding theory of multimedia learning. Journal of Educational Psychology, 86 (3), 389.
  • Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook. London, UK: Sage.
  • Money, C. (2016). Yahoo says 500 million accounts stolen. Retrieved from http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/
  • Onguardonline. (2016). The federal government’s website to help you be safe, secure and responsible online. Retrieved from http://www.onguardonline.gov/media
  • Peer, E., Vosgerau, J., & Acquisti, A. (2014). Reputation as a sufficient condition for data quality on amazon mechanical turk. Behavior Research Methods, 46 (4), 1023–1031.
  • Petsas, T., Tsirantonakis, G., Athanasopoulos, E., & Ioannidis, S. (2015). Two-factor authentication: Is the world ready?: Quantifying 2FA adoption. In Proceedings of the eighth European workshop on system security (pp. 4:1–4:7). New York, NY. doi:10.1145/2751323.2751327
  • Petty, R. E., & Cacioppo, J. T. (1986). The elaboration likelihood model of persuasion. Advances in Experimental Social Psychology, 19, 123–205. Springer.
  • Petty, R. E., & Cacioppo, J. T. (1996). Attitudes and persuasion: Classic and contemporary approaches. Colorado, USA: Westview Press.
  • Petty, R. E., Haugtvedt, C. P., & Smith, S. M. (1995). Elaboration as a determinant of attitude strength: Creating attitudes that are persistent, resistant, and predictive of behavior. Attitude Strength: Antecedents and Consequences, 4, 93–130.
  • Podszebka, D., Conklin, C., Apple, M., & Windus, A. (1998). Comparison of video and text narrative presentations on comprehension and vocabulary acquisition. Washington, DC: ERIC.
  • PrivacyRights. (2016). Privacy rights clearinghouse engages, educates and empowers individuals to protect their privacy. Retrieved from https://www.privacyrights.org/topics/1436
  • Rogers, R. W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J. Cacioppo & R. Petty (Eds.), Social Psychophysiology (pp. 153–176). New York, NY: Gilford Press
  • SANS. (2015). Securing the human, computer based training for the end user. Retrieved from https://securingthehumana.sans.org/enduser/
  • Security tip from (US-cert). (2013). Retrieved from https://www.us-cert.gov/ncas/tips/ST05-012
  • Soley, L. C. (1986). Copy length and industrial advertising readership. Industrial Marketing Management, 15 (3), 245–251.
  • Spagnolli, A., Chittaro, L., & Gamberini, L. (2016). Interactive persuasive systems: A perspective on theory and evaluation. International Journal of Human-Computer Interaction, 32 (3), 177–189.
  • Srikwan, S., & Jakobsson, M. (2008, April). Using cartoons to teach internet security. Cryptologia, 32 (2), 137–154. doi:10.1080/01611190701743724
  • Stobert, E., & Biddle, R. (2014, July). The password life cycle: User behaviour in managing passwords. In Symposium on usable privacy and security (SOUPS 2014) (pp. 243–255), Menlo Park, CA. Retrieved from https://www.usenix.org/conference/soups2014/proceedings/presentation/stobert
  • Stobert, E. A. (2015). Graphical passwords and practical password management ( Unpublished doctoral dissertation). Carleton University Ottawa. Retrieved from: https://goo.gl/tvkLMS.
  • stopthinkconnect. (2016). The global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online Retrieved from https://stopthinkconnect.org/campaigns/other
  • TeleSignReport. (2015). Telesign consumer account security report. an international study of digital security concerns and practices. Retrieved from https://www.telesign.com/site/wp-content/uploads/2015/06/TeleSign-Consumer-Account-Security-Report-2015-FINAL.pdf
  • Tempelman-Kluit, N. (2006). Multimedia learning theories and online instruction. College & Research Libraries, 67 (4), 364–369.
  • Tewell, E. (2010). Video tutorials in academic art libraries: A content analysis and review. Art Documentation: Journal of the Art Libraries Society of North America, 29 (2), 53–61).
  • TurnOn2FA. (2016). Turn it on: Telesign’s two-factor authentication (2fa) campaign to bring awareness to the benefits of 2fa. Retrieved from https://www.turnon2fa.com/
  • Two-Factor-Auth. (2016). Two factor auth (2fa): List of websites and whether or not they support 2fa. Retrieved from https:// twofactorauth.org/
  • Ur, B., Kelley, P. G., Komanduri, S., Lee, J., Maass, M., Mazurek, M. L., Passaro, T., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L. F., Egelman, S., López, J. (2012a). Helping Users Create Better Passwords. The USENIX Magazine Login, 37 (6), 51–57
  • Ur, B., Kelley, P. G., Komanduri, S., Lee, J., Maass, M., Mazurek, M. L., Passaro, T., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L. F., Egelman, S., López, J. (2012b). How does your password measure up? The effect of strength meters on password creation. Presented as part of the 21st USENIX security symposium (USENIX security 12) (pp. 65–80), Bellevue, WA. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/ur
  • Visinescu, L. L., Azogu, O., Ryan, S. D., Wu, Y. A., & Kim, D. J. (2016). Better safe than sorry: A study of investigating individuals’ protection of privacy in the use of storage as a cloud computing service. International Journal of Human–Computer Interaction, 32 (11), 885–900.
  • Weinstein, N. D. (1980). Unrealistic optimism about future life events. Journal of Personality and Social Psychology, 39 (5), 806.
  • West, R. (2008, April). The psychology of security. Communications of the ACM, 51 (4), 34–40. doi:10.1145/1330311.1330320
  • Woon, I., Tan, G.-W., & Low, R. (2005). A protection motivation theory approach to home wireless security. Presented at ICIS 2005 proceedings (pp. 31), Las Vegas, NV.
  • World’s biggest data breaches. (2016). Retrieved from http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • Yamanoue, T., Nakanishi, M., Nakamura, A., Fuse, I., Murata, I., Fukada, S.., Tagawa, T., Takeo, T., Okabe, S., & Yamada, T. (2005). Digital video clips covering computer ethics in higher education. In Proceedings of the 33rd annual ACM SIGUCCS conference on user services (pp. 456–461), New York, NY. doi:10.1145/1099435.1099536
  • Zhang-Kennedy, L., Chiasson, S., & Biddle, R. (2016). The role of instructional design in persuasion: A comics approach for improving cybersecurity. International Journal of Human-Computer Interaction, 32 (3), 215–257. doi:10.1080/10447318.2016.1136177

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.