Users' conceptions of web security: a comparative study

Authors:
Batya Friedman;David Hurley;Daniel C. Howe;Edward Felten;Helen Nissenbaum
Affiliations:
University of Washington, Seattle, WA;University of Washington, Seattle, WA;University of Washington, Seattle, WA;Princeton University, Princeton, NJ;Princeton University, Princeton, NJ
Venue:
CHI '02 Extended Abstracts on Human Factors in Computing Systems
Year:
2002

Citing 2
Cited 30

User-centered security

NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Informed Consent in the Mozilla Browser: Implementing Value Sensitive Design

HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 8 - Volume 8

Can you see what i hear?: the design and evaluation of a peripheral sound display for the deaf

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Security in the wild: user strategies for managing security as an everyday, practical problem

Personal and Ubiquitous Computing
Trusted paths for browsers

ACM Transactions on Information and System Security (TISSEC)
Omnivore: risk management through bidirectional transparency

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Gathering evidence: use of visual security cues in web browsers

GI '05 Proceedings of Graphics Interface 2005
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Security user studies: methodologies and best practices

CHI '07 Extended Abstracts on Human Factors in Computing Systems
Dynamic pharming attacks and locked same-origin policies for web browsers

Proceedings of the 14th ACM conference on Computer and communications security
End-user privacy in human-computer interaction

Foundations and Trends in Human-Computer Interaction
More than meets the eye: transforming the user experience of home network management

Proceedings of the 7th ACM conference on Designing interactive systems
Reflecting on the invisible: understanding end-user perceptions of ubiquitous computing

UbiComp '08 Proceedings of the 10th international conference on Ubiquitous computing
"When I am on Wi-Fi, I am fearless": privacy concerns & practices in eeryday Wi-Fi use

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Enhancing research into usable privacy and security

Proceedings of the 27th ACM international conference on Design of communication
Designing for social interaction with mundane technologies: issues of security and trust

Personal and Ubiquitous Computing
What instills trust? a qualitative study of phishing

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Crying wolf: an empirical study of SSL warning effectiveness

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
TLS man-in-the-middle laboratory exercise for network security education

Proceedings of the 2010 ACM conference on Information technology education
HProxy: client-side detection of SSL stripping attacks

DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Reinforcing bad behaviour: the misuse of security indicators on popular websites

Proceedings of the 22nd Conference of the Computer-Human Interaction Special Interest Group of Australia on Computer-Human Interaction
Improving the safety of homeless young people with mobile phones: values, form and function

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An image of electricity: towards an understanding of how people perceive electricity

INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV
Preventing web-spoofing with automatic detecting security indicator

ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Self-identified experts lost on the interwebs: the importance of treating all results as learning experiences

Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
Measuring SSL indicators on mobile browsers: extended life, or end of the road?

ISC'12 Proceedings of the 15th international conference on Information Security
Comparative eye tracking of experts and novices in web single sign-on

Proceedings of the third ACM conference on Data and application security and privacy
Mental models of verifiability in voting

Vote-ID'13 Proceedings of the 4th international conference on E-Voting and Identity
Alice in warningland: a large-scale field study of browser security warning effectiveness

SEC'13 Proceedings of the 22nd USENIX conference on Security
Using the health belief model to explore users' perceptions of 'being safe and secure' in the world of technology mediated financial transactions

International Journal of Human-Computer Studies

Quantified Score

Hi-index	0.00

Visualization

Abstract

This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakently evaluated whether a connection is secure or not secure. Empirically-derived typologies are provided for (1) conceptions of security based on users' verbal reasoning, (2) the types of evidence users depend upon in evaluating whether a connection is secure, and (3) conceptions of security as portrayed in users' drawings. Design implications are discussed.