ABSTRACT
This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakently evaluated whether a connection is secure or not secure. Empirically-derived typologies are provided for (1) conceptions of security based on users' verbal reasoning, (2) the types of evidence users depend upon in evaluating whether a connection is secure, and (3) conceptions of security as portrayed in users' drawings. Design implications are discussed.
- Friedman, B., Howe, D. C., and Felten, E., Informed consent in the Mozilla browser: Implementing value-sensitive design. Proceedings of HICSS-35 (2002), IEEE Computer Society, Abstract p. 247, CD-ROM OSPE101. Google ScholarDigital Library
- Zurko, M. E., and Simon, R. T. User-centered security. 1996 ACM New Security Paradigm Workshop, Lake Arrowhead, CA, (1997), 27--33. Google ScholarDigital Library
Recommendations
Users' conceptions of risks and harms on the web: a comparative study
CHI EA '02: CHI '02 Extended Abstracts on Human Factors in Computing SystemsIn this study, we analyzed Web users concerns about potential risks and harms from Web use to themselves and to society at large. In addition, we assessed how strongly users felt something should be done to address their concerns. Seventy-two ...
Cookies and Web browser design: toward realizing informed consent online
CHI '01: Proceedings of the SIGCHI Conference on Human Factors in Computing SystemsWe first provide criteria for assessing informed consent online. Then we examine how cookie technology and Web browser designs have responded to concerns about informed consent. Specifically, we document relevant design changes in Netscape Navigator and ...
Web Application Security Assessment Tools
Security testing a Web application or Web site requires careful thought and planning due to both tool and industry immaturity. Finding the right tools involves several steps, including analyzing the development environment and process, business needs, ...
Comments