In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
» Openaccess proceedings » Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015)
 | Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) |
Title: Tracking Risky Behavior On The Web: Distinguishing Between What Users ‘Say' And ‘Do'
Author(s): Timothy Kelley, Bennett Bertenthal
Reference: pp204-214
Keywords: Information security, browser login, security expertise, Mechanical Turk, experiment
Abstract: Modern browsers are designed to inform users as to whether or not it is secure to login to a website, but most users are not aware of this information and even those that are sometimes ignore it. The goal of this research is to assess users’ knowledge of security warnings communicated via browser indicators (e.g., https, lock icon in the status bar), and the likelihood that their online decision making adheres to this knowledge. A large sample of participants was recruited from Amazon’s Mechanical Turk and their knowledge of cybersecurity was assessed with an online survey. These participants were also instructed to visit a series of secure and insecure websites, and decide as quickly and as accurately as possible whether or not it was safe to login. The results revealed that knowledge of cybersecurity was not necessarily a good predictor of decisions regarding whether or not to sign-in to a website. Moreover, these decisions were modulated by attention to security indicators, familiarity of the website, and psychosocial stress induced by bonus payments determined by response times and accuracy. We suggest that even individuals with security knowledge are unable to draw the necessary conclusions about digital risks while browsing the web. Users are being educated through daily use to ignore recommended security indicators and we surmise that the lack of conformity in website conventions contributes to this behavior.
Download count: 1379
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.