How HCI design influences web security decisions

Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human-machine interface. This paper reports on a diary study conducted to investigate what people identify as security decisions that they make while using the web. The study aimed to uncover how security is perceived in the individual's context of use. From this data, themes were drawn, with a focus on addressing security goals such as confidentiality and authentication. This is the first study to investigate users' web usage with a focus on their self-documented perceptions of security and the security choices they made in their own environment.
