A systematic literature review of empirical methods and risk representation in usable privacy and security research
Usable privacy and security researchers have developed a variety of approaches to
represent risk to research participants. To understand how these approaches are used and …
represent risk to research participants. To understand how these approaches are used and …
A survey on interdependent privacy
M Humbert, B Trubert, K Huguenin - ACM Computing Surveys (CSUR), 2019 - dl.acm.org
The privacy of individuals does not only depend on their own actions and data but may also
be affected by the privacy decisions and by the data shared by other individuals. This …
be affected by the privacy decisions and by the data shared by other individuals. This …
A comprehensive quality evaluation of security and privacy advice on the web
EM Redmiles, N Warford, A Jayanti, A Koneru… - 29th USENIX Security …, 2020 - usenix.org
End users learn defensive security behaviors from a variety of channels, including a plethora
of security advice given in online articles. A great deal of effort is devoted to getting users to …
of security advice given in online articles. A great deal of effort is devoted to getting users to …
" It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
We investigate how a population of end-users with especially salient security and privacy
risks---sex workers---conceptualizes and manages their digital safety. The commercial sex …
risks---sex workers---conceptualizes and manages their digital safety. The commercial sex …
Driving {2FA} adoption at scale: Optimizing {Two-Factor} authentication notification design patterns
Two-factor authentication (2FA) is one of the primary mechanisms for defending end-user
accounts against phishing and password reuse attacks. Unfortunately, getting users to adopt …
accounts against phishing and password reuse attacks. Unfortunately, getting users to adopt …
An empirical study of wireless carrier authentication for {SIM} swaps
We examined the authentication procedures used by five prepaid wireless carriers when a
customer attempted to change their SIM card. These procedures are an important line of …
customer attempted to change their SIM card. These procedures are an important line of …
Asking for a friend: Evaluating response biases in security user studies
The security field relies on user studies, often including survey questions, to query end
users' general security behavior and experiences, or hypothetical responses to new …
users' general security behavior and experiences, or hypothetical responses to new …
Empirical Measurement of Systemic {2FA} Usability
J Reynolds, N Samarin, J Barnes, T Judd… - 29th USENIX Security …, 2020 - usenix.org
Two-Factor Authentication (2FA) hardens an organization against user account compromise,
but adds an extra step to organizations' mission-critical tasks. We investigate to what extent …
but adds an extra step to organizations' mission-critical tasks. We investigate to what extent …
The security & privacy acceptance framework (spaf)
How can we encourage end-user acceptance of expert recommended cybersecurity and
privacy (S&P) behaviors? We review prior art in human-centered S&P and identified three …
privacy (S&P) behaviors? We review prior art in human-centered S&P and identified three …
Security update labels: establishing economic incentives for security patching of IoT consumer products
P Morgner, C Mai, N Koschate-Fischer… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
With the expansion of the Internet of Things (IoT), the number of security incidents due to
insecure and misconfigured IoT devices is increasing. Especially on the consumer market …
insecure and misconfigured IoT devices is increasing. Especially on the consumer market …