Social Media As a Resource for Understanding Security Experiences: A Qualitative Analysis of #Password Tweets

As security technologies become more embedded into people’s everyday lives, it becomes more challenging for researchers to understand the contexts in which those technologies are situated. The need to develop research methods that provide a lens on personal experiences has driven much recent work in human-computer interaction, but has so far received little focus in usable security. In this paper we explore the potential of the micro blogging site Twitter to provide experience-centered insights into security practices. Taking the topic of passwords as an example, we collected tweets with the goal to capture personal narratives of password use situated in its context. We performed a qualitative content analysis on the tweets and uncovered: how tweets contained critique and frustration about existing password practices and workarounds; how people socially shared and revoked their passwords as a deliberate act in exploring and defining their relationships with others; practices of playfully bypassing passwords mechanisms and how passwords are appropriated in portrayals of self. These findings begin to evidence the extent to which passwords increasingly serve social functions that are more complex than have been documented in previous research.

[1]  Scott A. Golder,et al.  Diurnal and Seasonal Mood Vary with Work, Sleep, and Daylength Across Diverse Cultures , 2011 .

[2]  Yoosun Hwang,et al.  ANTECEDENTS OF INTERPERSONAL COMMUNICATION MOTIVES ON TWITTER: LONELINESS AND LIFE SATISFACTION , 2014 .

[3]  Nello Cristianini,et al.  Tracking the flu pandemic by monitoring the social web , 2010, 2010 2nd International Workshop on Cognitive Information Processing.

[4]  Peter C. Wright,et al.  Empathy and experience in HCI , 2008, CHI.

[5]  Peter C. Wright,et al.  Understanding the Experience-Centeredness of Privacy and Security Technologies , 2014, NSPW '14.

[6]  Duncan Rowland,et al.  Disinhibited abuse of othered communities by second-screening audiences , 2014, TVX.

[7]  Mike Thelwall,et al.  Sentiment in short strength detection informal text , 2010 .

[8]  Klaus Krippendorff,et al.  Content Analysis: An Introduction to Its Methodology , 1980 .

[9]  Isabell M. Welpe,et al.  Election Forecasts With Twitter , 2011 .

[10]  Amy L. Parsons,et al.  Emotional Design: Why We Love (or Hate) Everyday Things , 2006 .

[11]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[12]  Patrick Olivier,et al.  Designing for Spontaneous and Secure Delegation in Digital Payments , 2014, Interact. Comput..

[14]  Richard Ford,et al.  Heartbleed 101 , 2014, IEEE Security & Privacy.

[15]  Peter C. Wright,et al.  Experience-Centered Design: Designers, Users, and Communities in Dialogue , 2010, Experience-Centered Design.

[16]  Mary Ellen Zurko,et al.  User-centered security , 1996, NSPW '96.

[17]  Sunny Consolvo,et al.  "My religious aunt asked why i was trying to sell her viagra": experiences with account hijacking , 2014, CHI.

[18]  Rick Wash,et al.  Stories as informal lessons about security , 2012, SOUPS.

[19]  Gunela Astbrink,et al.  Password sharing: implications for security design based on social practice , 2007, CHI.

[20]  Adam D. I. Kramer An unobtrusive behavioral model of "gross national happiness" , 2010, CHI.

[21]  Mari Carmen Puerta Melguizo,et al.  Cognition, Technology & Work , 2005 .

[22]  Maeve Duggan,et al.  Social Media Update 2016 , 2016 .

[23]  A. Smeaton,et al.  On Using Twitter to Monitor Political Sentiment and Predict Election Results , 2011 .

[24]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[25]  Scott Counts,et al.  Tweeting is believing?: understanding microblog credibility perceptions , 2012, CSCW.

[26]  Paul Dourish,et al.  Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena , 2006, Hum. Comput. Interact..

[27]  Ray A. Perlner,et al.  Electronic Authentication Guideline , 2014 .

[28]  John C. McCarthy,et al.  Technology as experience , 2004, INTR.

[29]  Peter C. Wright,et al.  Putting ‘felt-life’ at the centre of human–computer interaction (HCI) , 2005, Cognition, Technology & Work.

[30]  Mikolaj Jan Piskorski,et al.  A Social Strategy: How We Profit from Social Media , 2014 .

[31]  Rick Wash,et al.  Organization Interfaces—collaborative computing General Terms , 2022 .

[32]  Gillian R. Hayes The relationship of action research to human-computer interaction , 2011, TCHI.

[33]  Salvador Mandujano,et al.  Deterring password sharing: user authentication via fuzzy c-means clustering applied to keystroke biometric data , 2004, Proceedings of the Fifth Mexican International Conference in Computer Science, 2004. ENC 2004..

[34]  Daniel Klein,et al.  Foiling the cracker: A survey of, and improvements to, password security , 1992 .

[35]  ThelwallMike,et al.  Sentiment strength detection in short informal text , 2010 .

[36]  D. Norman Emotional design : why we love (or hate) everyday things , 2004 .

[37]  Markus Jakobsson,et al.  Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft , 2006 .

[38]  Timothy W. Finin,et al.  Why we twitter: understanding microblogging usage and communities , 2007, WebKDD/SNA-KDD '07.

[39]  Paul C. van Oorschot,et al.  A Research Agenda Acknowledging the Persistence of Passwords , 2012, IEEE Security & Privacy.

[40]  M. Angela Sasse,et al.  The true cost of unusable password policies: password use in the wild , 2010, CHI.

[41]  Joseph Kaye Self-reported password sharing strategies , 2011, CHI.

[42]  A. Brenner Twitter Use 2012 , 2012 .