Category Archives: mental models of security

Can Metaphors of Physical Security Work for Computers?

Physical Security Metaphor for Personal Firewall Warnings

There is evidence that the communication of security risks to home computer users has been unsuccessful. Prior research has found that users do not heed risk communications, that they do not read security warning texts, and that they ignore them. Risk communication should convey the basic facts relevant to the warning recipient’s decision. In the warning science literature, one successful technique for characterizing and designing risk communication is to employ the mental models approach, which is a decision-analytic framework. With this approach, the design of risk communication is based on the recipients’ mental model(s). The goal of the framework is to help people make decisions by providing risk communication that improves the recipients’ mental models in one of three ways: (1) adding missing knowledge, (2) restructuring the person’s knowledge when it is inappropriately focused (i.e., too general or too narrow), and (3) removing misconceptions.


Have users signed up?

I participated in a panel, “Password Managers, Single Sign-On, Federated ID: Have users signed up?”, at the Workshop on The Future of User Authentication and Authorization on the Web: Challenges in Current Practice, New Threats, and Research Directions, which was co-located with the conference on Financial Cryptography and Data Security. In my panel presentation, I showed the most recent results of the evaluation of the OpenID authentication experience by participants, conducted in my lab, which shed some light on why users have not signed up, at least for OpenID. An apparent reluctance among end users to employ OpenID, despite the fact that there are over one billion OpenID-enabled accounts, results from technical, business, and human factors. This particular short presentation was devoted to the usability factors.

CHI Work in Progress to Feature LERSSE Research

This year, in Vancouver, the Work In Progress Posters session of the SIGCHI Conference will feature three research projects of my graduate students.


Lessons learned from studying users’ mental models of security

In the course of the past three years at LERSSE, we have done several studies that helped us to further the understanding of users’ mental models when it comes to security.

Single Sign On on the Web: What’s broken and What can be fixed?

With Ph.D. student San-Tsai Sun, we have been investigating single sign-on for the Web.

Understanding Wants and Needs of Personal Firewall Users

I presented the results of a user study by my graduate student Fahimeh Raja at SafeConfig. She conducted semi-structured interviews with a diverse set of participants to gain an understanding of their knowledge, requirements, perceptions, and misconceptions of personal firewalls. There are several interesting findings.