Users have a strong tendency toward dismissing security dialogs unthinkingly. Prior research has shown that users' responses to security dialogs become significantly more thoughtful when dialogs are polymorphic, and that further improvements can be obtained when dialogs are also audited and auditors penalize users who give unreasonable responses. We contribute an Operant Conditioning model that fits these observations, and, inspired by the model, propose Security Reinforcing Applications (SRAs). SRAs seek to reward users' secure behavior, instead of penalizing insecure behavior. User studies show that SRAs improve users' secure behaviors and that behaviors strengthened in this way do not extinguish after a period of several weeks in which users do not interact with SRAs. Moreover, inspired by Social Learning theory, we propose Vicarious Security Reinforcement (VSR). A user study shows that VSR accelerates SRA benefits.