Users' conceptions of web security: A comparative study

Batya Friedman, David Hurley, Daniel C. Howe, Edward Felten, Helen Nissenbaum

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakenly evaluated whether a connection is secure or not secure. Empirically-derived typologies are provided for (1) conceptions of security based on users' verbal reasoning, (2) the types of evidence users depend upon in evaluating whether a connection is secure, and (3) conceptions of security as portrayed in users' drawings. Design implications are discussed.

Original languageEnglish (US)
Title of host publicationConference on Human Factors in Computing Systems - Proceedings
EditorsL. Terveen, D. Wixon, E. Comstock, A. Sasse
Pages746-747
Number of pages2
StatePublished - 2002
EventConference on Human Factors in Computing Systems - Minneapolis, MN, United States
Duration: Apr 20 2002Apr 25 2002

Other

OtherConference on Human Factors in Computing Systems
CountryUnited States
CityMinneapolis, MN
Period4/20/024/25/02

Fingerprint

community
high technology
rural community
typology
interview
evidence

Keywords

  • Security
  • User conceptions
  • User differences
  • User models
  • Value-sensitive design
  • Web models
  • Web security
  • WWW

ASJC Scopus subject areas

  • Computer Science(all)
  • Social Sciences(all)
  • Human-Computer Interaction
  • Computer Graphics and Computer-Aided Design
  • Software

Cite this

Friedman, B., Hurley, D., Howe, D. C., Felten, E., & Nissenbaum, H. (2002). Users' conceptions of web security: A comparative study. In L. Terveen, D. Wixon, E. Comstock, & A. Sasse (Eds.), Conference on Human Factors in Computing Systems - Proceedings (pp. 746-747)

Users' conceptions of web security : A comparative study. / Friedman, Batya; Hurley, David; Howe, Daniel C.; Felten, Edward; Nissenbaum, Helen.

Conference on Human Factors in Computing Systems - Proceedings. ed. / L. Terveen; D. Wixon; E. Comstock; A. Sasse. 2002. p. 746-747.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Friedman, B, Hurley, D, Howe, DC, Felten, E & Nissenbaum, H 2002, Users' conceptions of web security: A comparative study. in L Terveen, D Wixon, E Comstock & A Sasse (eds), Conference on Human Factors in Computing Systems - Proceedings. pp. 746-747, Conference on Human Factors in Computing Systems, Minneapolis, MN, United States, 4/20/02.
Friedman B, Hurley D, Howe DC, Felten E, Nissenbaum H. Users' conceptions of web security: A comparative study. In Terveen L, Wixon D, Comstock E, Sasse A, editors, Conference on Human Factors in Computing Systems - Proceedings. 2002. p. 746-747
Friedman, Batya ; Hurley, David ; Howe, Daniel C. ; Felten, Edward ; Nissenbaum, Helen. / Users' conceptions of web security : A comparative study. Conference on Human Factors in Computing Systems - Proceedings. editor / L. Terveen ; D. Wixon ; E. Comstock ; A. Sasse. 2002. pp. 746-747
@inproceedings{df0baf80175747c79e81210d510404c6,
title = "Users' conceptions of web security: A comparative study",
abstract = "This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakenly evaluated whether a connection is secure or not secure. Empirically-derived typologies are provided for (1) conceptions of security based on users' verbal reasoning, (2) the types of evidence users depend upon in evaluating whether a connection is secure, and (3) conceptions of security as portrayed in users' drawings. Design implications are discussed.",
keywords = "Security, User conceptions, User differences, User models, Value-sensitive design, Web models, Web security, WWW",
author = "Batya Friedman and David Hurley and Howe, {Daniel C.} and Edward Felten and Helen Nissenbaum",
year = "2002",
language = "English (US)",
pages = "746--747",
editor = "L. Terveen and D. Wixon and E. Comstock and A. Sasse",
booktitle = "Conference on Human Factors in Computing Systems - Proceedings",

}

TY - GEN

T1 - Users' conceptions of web security

T2 - A comparative study

AU - Friedman, Batya

AU - Hurley, David

AU - Howe, Daniel C.

AU - Felten, Edward

AU - Nissenbaum, Helen

PY - 2002

Y1 - 2002

N2 - This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakenly evaluated whether a connection is secure or not secure. Empirically-derived typologies are provided for (1) conceptions of security based on users' verbal reasoning, (2) the types of evidence users depend upon in evaluating whether a connection is secure, and (3) conceptions of security as portrayed in users' drawings. Design implications are discussed.

AB - This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakenly evaluated whether a connection is secure or not secure. Empirically-derived typologies are provided for (1) conceptions of security based on users' verbal reasoning, (2) the types of evidence users depend upon in evaluating whether a connection is secure, and (3) conceptions of security as portrayed in users' drawings. Design implications are discussed.

KW - Security

KW - User conceptions

KW - User differences

KW - User models

KW - Value-sensitive design

KW - Web models

KW - Web security

KW - WWW

UR - http://www.scopus.com/inward/record.url?scp=0038726078&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0038726078&partnerID=8YFLogxK

M3 - Conference contribution

SP - 746

EP - 747

BT - Conference on Human Factors in Computing Systems - Proceedings

A2 - Terveen, L.

A2 - Wixon, D.

A2 - Comstock, E.

A2 - Sasse, A.

ER -