“My sex-related data is more sensitive than my financial data and I want the same level of security and privacy”: User Risk Perceptions and Protective Actions in Female-oriented Technologies
The digitalization of the reproductive body has engaged myriads of cutting-edge technologies in supporting people to know and tackle their intimate health. Generally understood as female technologies (aka female-oriented technologies or ‘FemTech’), ...
“It's not that I want to see the student's bedroom...”: Instructor Perceptions of e-Proctoring Software
The COVID-19 pandemic motivated higher education institutions to adopt the use of e-proctoring software as a means to maintain academic integrity. This study explores the tension between student privacy and academic integrity from instructors’ ...
Divergences in Blame Attribution after a Security Breach based on Compliance Behavior: Implications for Post-breach Risk Communication
“Attribution of self-blame” is a spontaneous affective and cognitive self-evaluative reaction and is an important predictor of proactive and positive coping response behavior after a negative event. While blame attribution can indeed affect the efficacy ...
A comparison of users' and non-users' perceptions of health and ancestry at-home DNA testing
Direct-to-consumer (at-home) DNA testing allows users to gain ancestry and health information. Previous research has found users to be unconcerned about privacy relating to at-home DNA testing, with incomplete understanding of the process. The shared ...
Effect of Device Risk Perceptions and Understandability of Data Management Features on Consumers' Willingness to Pay (WTP) for IoT Device Premium Data Management Plan
Prior research has noted that users are willing to pay a premium for higher privacy and security of Internet of Things (IoT) devices. However, it is not clear whether and how users’ technical literacy and understandability of data management features ...
Better the Devil You Know: Using Lost-Smartphone Scenarios to Explore user Perceptions of Unauthorised Access
Smartphones are a central part of modern life and contain vast amounts of personal and professional data as well as access to sensitive features such as banking and financial apps. As such protecting our smartphones from unauthorised access is of great ...
“It's the one thing that makes my life tick”: Security Perspectives of the Smartphone Era
As smartphones overtake personal computers as the device of choice for internet access and everyday digital tasks, cybersecurity becomes a pressing issue for the platform. Research has found that smartphone users appear to act less securely than they ...
Analysing the Influence of Loss-Gain Framing on Data Disclosure Behaviour: A Study on the Use Case of App Permission Requests
- Kerstin Bongard-Blanchy,
- Jean-Louis Sterckx,
- Arianna Rossi,
- Anastasia Sergeeva,
- Vincent Koenig,
- Salvador Rivas,
- Verena Distler
This paper examines the effect of the dark pattern strategy “loss-gain framing” on users’ data disclosure behaviour in mobile settings. Understanding whether framing influences users’ willingness to disclose personal information is important to (i) ...
Lessons in Prevention and Cure: A User Study of Recovery from Flubot Smartphone Malware
The smishing-based malware Flubot was taken down in mid-2022, yet there is little understanding of how it directly impacted smartphone users. We engage with customers of a partner Internet Service Provider (ISP), who have suffered a Flubot infection on ...
Assessing Security, Privacy, User Interaction, and Accessibility Features in Popular E-Payment Applications
Mobile payment applications facilitate quick digital transactions; thus, evaluating these applications for security, privacy, user interaction, and accessibility is crucial. In our study, we analyzed the most downloaded 50 mobile payment applications on ...
“Someone Definitely Used 0000”: Strategies, Performance, and User Perception of Novice Smartphone-Unlock PIN-Guessers
We examine the risk to lost, stolen, or unattended smartphones due to attempts to guess the device’s unlock PIN, the most widespread authentication scheme for smartphones. We find novice attacks by those lacking forensic tools or training to be common, ...
Overcoming Theory: Designing Brainwave Authentication for the Real World
Recent advancements in consumer-grade Brain-Computer Interfaces (BCIs) have opened up new possibilities for the exploration and deployment of brainwave-based user authentication. However, research on real-world usability and security is still lacking. ...
PinchKey: A Natural and User-Friendly Approach to VR User Authentication
This study introduces PinchKey, a highly accurate and user-friendly behavioral biometric authentication method for VR users. Authentication is performed using the natural and intuitive ‘pinch’ gesture used when operating VR devices. Since this two-finger ...
Usable Security Model for Industrial Control Systems - Authentication and Authorisation Workflow
Industrial Control Systems (ICS) run critical large-scale systems that are needed in everyday society. These include systems such as: power, water treatment and manufacturing. However, legacy systems are widely utilized in ICS settings and updating, ...
Vision: How to Provide Documentation to Non-skilled Developers for Appropriate Use of Cryptography: Action Research Study on Expert Monitoring
Studies on the usability of cryptographic APIs have pointed out the importance of the quality of API documentation, and such documentation should include tutorials and sample codes in addition to the API specifications. This study evaluates the ...
Encouraging Organisational Information Security Incident Reporting
- Fabian Lucas Ballreich,
- Melanie Volkamer,
- Dirk Müllmann,
- Benjamin Maximilian Berens,
- Elena Marie Häußler,
- Karen V. Renaud
21st-century organisations can only learn how to respond effectively to, and recover from, adverse information security incidents if their employees report any incidents they notice. This should happen irrespective of whether or not they themselves ...
Caring Not Scaring - An Evaluation of a Workshop to Train Apprentices as Security Champions
Security champions are regular employees who have deeper knowledge in information security and a direct connection with the security team. Through this connection, they can facilitate the diffusion of security knowledge to employees and back to the ...
Vision: Supporting Citizens in Adopting Privacy Enhancing Technologies
We have witnessed an alarming growth in collecting citizens’ information by businesses and organizations. The more citizens’ information they collect, the greater their ability to utilize this knowledge for their own interests, often at the expense of ...
Security Champions Without Support: Results from a Case Study with OWASP SAMM in a Large-Scale E-Commerce Enterprise
Developer-centered security research has identified a variety of reasons why software developers do not follow recommended security practices: lack of knowledge, outdated information sources, time pressure, and low usability of security mechanisms and ...
But is it exploitable? Exploring how Router Vendors Manage and Patch Security Vulnerabilities in Consumer-Grade Routers
Millions of consumer-grade routers are vulnerable to security attacks. Router network attacks are dangerous and infections, presenting a serious security threat. They account for 80% of infected devices in the market, posing a greater threat than ...
Privacy Strategies for Conversational AI and their Influence on Users' Perceptions and Decision-Making
Conversational AI (CAI) systems are on the rise and have been widely adopted in homes, cars and public spaces. Yet, people report privacy concerns and mistrust in these systems. Current data protection regulations ask providers to communicate data ...
Vision: What the hack is going on? A first look at how website owners became aware that their website was hacked
Websites are an essential part of today’s business activities. Content Management Systems (CMS) are known for the fact that even laypersons can create good-looking websites with simple means and without huge costs. But if websites are not maintained ...
Influence of URL Formatting on Users' Phishing URL Detection
Despite technical advances in anti-phishing protection, in many cases the detection of phishing URLs largely depends on users manually inspecting the links found in suspicious emails. One solution proposed to support users in doing so is to use a URL ...
Phishing to improve detection
Phishing e-mail scams continue to threaten organisations around the world. With generative artificial intelligence, conventional phishing detection advice such as looking out for linguistic errors and bad layouts will become obsolete. New approaches to ...
“It may take ages”: Understanding Human-Centred Lateral Phishing Attack Detection in Organisations
Lateral phishing attacks can be devastating for users and organisational IT teams as these originate from legitimate, but compromised, email accounts that benefit from the implicit trust between sender and recipients. In this paper, we begin to explore ...
Index Terms
- Proceedings of the 2023 European Symposium on Usable Security