Users' conceptions of web security: a comparative study

  title={Users' conceptions of web security: a comparative study},
  author={Batya Friedman and W. David Hurley and Daniel C. Howe and Edward W. Felten and Helen Nissenbaum},
  journal={CHI '02 Extended Abstracts on Human Factors in Computing Systems},
This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakently evaluated whether a connection is secure or not secure. Empirically-derived… Expand

Figures, Tables, and Topics from this paper

An empirical study examining the perceptions and behaviours of security-conscious users of mobile authentication
ABSTRACT The purpose of this study is to better understand, from an explorative qualitative perspective, the motivations and practices of highly security-conscious users of mobile authentication, andExpand
User Perceptions of Privacy and Security on the Web
Findings include evidence that users have tried to educate themselves regarding their online security and privacy, but with limited success; different interpretations of the term "secure Web site" can lead to very different levels of trust in a site; and users may confuse browser cookies with other types of data stored locally by browsers, leading to inappropriate conclusions about the risks they present. Expand
"Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response
This work conducts a series of qualitative interviews with users who had recently experienced suspicious login incidents on their real Facebook accounts in order to explore this process of account security incident response, finding a common process across participants from five countries. Expand
What Instills Trust? A Qualitative Study of Phishing
A user study gauges reactions to a variety of common "trust indicators" - such as logos, third party endorsements, and padlock icons - over a selection of authentic and phishing stimuli to analysis of what makes phishing emails and web pages appear authentic. Expand
Privacy and Security Attitudes, Beliefs and Behaviours: Informing Future Tool Design
Usable privacy and security has become a significant area of interest for many people in both industry and academia. A better understanding of the knowledge and motivation are important factors inExpand
User Perceptions of Security Technologies
In this paper, user perceptions of information systems security are explored through a study of university students. Server authentication, which is often ignored by users, clouded by systemExpand
An empirical study of customers' perceptions of security and trust in e-payment systems
A conceptual model is proposed that delineates the determinants of consumers’ perceived security and perceived trust, as well as the effects of perceived safety and trust on the use of e-payment systems. Expand
Preliminary Findings from an Exploratory Qualitative Study of Security-Conscious Users of Mobile Authentication
The purpose of this study is to better understand the mental models and practices of those security conscious users from academia, industry, and government, noting that mobile authentication studies have largely overlooked the mindset of users who have considered their behavior in terms of detailed knowledge of risk. Expand
Privacy Personas: Clustering Users via Attitudes and Behaviors toward Security Practices
This paper identifies five user clusters that emerge from end-user behaviors-Fundamentalists, Lazy Experts, Technicians, Amateurs and the Marginally Concerned, and argues that these clusters complement past work in understanding privacy choices, and that they can aid in the design of new computer security technologies. Expand
An Exploratory Study of the Security Management Practices of Hispanic Students
The growing Internet and mobile technologies create opportunities for efficient communication and coordination among individuals and institutions. However, these technologies also pose securityExpand


User-centered security
This work discusses the work on user-centered authorization, which started with a rules-based authorization engine (MAP) and will continue with Adage, and evaluates the pros and cons of this effort, as a precursor to further work in this area. Expand
Informed consent in the Mozilla browser: implementing value-sensitive design
This work describes the VSD methodology, explicate criteria for informed consent in online interactions and summarize how current browsers fall short with respect to those criteria. Expand