910 research outputs found

    The Effects of Security Framing, Time Pressure, and Brand Familiarity on Risky Mobile Application Downloads

    The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect in both hypothetical choices in lab settings as well as with consumer purchases, and brand familiarity has been shown to affect consumers’ purchase behaviors. Neither factor has been studied in the context of risk communication for mobile apps. The current study addressed this gap in the literature and examined the effects of time pressure and brand familiarity on the effectiveness of risk displays (framed as safety or risks) for mobile apps. Specifically, users’ choices were recorded as a measure of effective risk displays. The findings from this study indicated that users rely heavily on brand familiarity when downloading apps. We also showed that security scores, especially when framed as safety, were effective at guiding choice, though this advantage of safety framing was not present when users made decisions under time pressure. The implications from the study indicate that people implicitly trust brands they recognize, safety framed security can be helpful, and decision-making processes change under time pressure.

    Nudging folks towards stronger password choices: providing certainty is the key

    Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations, i.e. “nudges”, have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords. We carried out three longitudinal studies to analyse the efficacy of a range of “nudges” by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing “nudges”. Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference.

    Ethical guidelines for nudging in information security & privacy

    There has recently been an upsurge of interest in the deployment of behavioural economics techniques in the information security and privacy domain. In this paper, we consider first the nature of one particular intervention, the nudge, and the way it exercises its influence. We contemplate the ethical ramifications of nudging, in its broadest sense, deriving general principles for ethical nudging from the literature. We extrapolate these principles to the deployment of nudging in information security and privacy. We explain how researchers can use these guidelines to ensure that they satisfy the ethical requirements during nudge trials in information security and privacy. Our guidelines also provide guidance to ethics review boards that are required to evaluate nudge-related research

    Lessons learned from evaluating eight password nudges in the wild

    Background. The tension between security and convenience, when creating passwords, is well established. It is a tension that often leads users to create poor passwords. For security designers, three mitigation strategies exist: issuing passwords, mandating minimum strength levels or encouraging better passwords. The first strategy prompts recording, the second reuse, but the third merits further investigation. It seemed promising to explore whether users could be subtly nudged towards stronger passwords. Aim. The aim of the study was to investigate the influence of visual nudges on self-chosen password length and/or strength. Method. A university application, enabling students to check course dates and review grades, was used to support two consecutive empirical studies over the course of two academic years. In total, 497 and 776 participants, respectively, were randomly assigned either to a control or an experimental group. Whereas the control group received no intervention, the experimental groups were presented with different visual nudges on the registration page of the web application whenever passwords were created. The experimental groups’ password strengths and lengths were then compared to that of the control group. Results. No impact of the visual nudges could be detected, neither in terms of password strength nor length. The ordinal score metric used to calculate password strength led to a decrease in variance and test power, so that the inability to detect an effect size does not definitively indicate that such an effect does not exist. Conclusion. We cannot conclude that the nudges had no effect on password strength. It might well be that an actual effect was not detected due to the experimental design choices. Another possible explanation for our result is that password choice is influenced by the user’s task, cognitive budget, goals and pre-existing routines. A simple visual nudge might not have the power to overcome these forces. Our lessons learned therefore recommend the use of a richer password strength quantification measure, and the acknowledgement of the user’s context, in future studies.

    Does the Presence of Privacy Relevant Information Affect App Market Choice?


    Sustainable interaction with digital technologies: fostering pro-environmental behavior and maintaining mental health

    One of the most essential challenges of the twenty-first century is to realize sustainability in everyday behavior. Daily, partly unconscious decisions influence environmental sustainability. Such everyday choices are increasingly shifted toward digital environments, as digital technologies are ubiquitous in a wide variety of everyday contexts. This yields the great potential to positively influence the user's behavior toward more environmental sustainability when interacting with digital technologies, for example, through the use of digital nudging. But besides these benefits, research indicates that interacting with digital technologies can lead to a specific form of stress, also known as technostress, that can cause adverse health outcomes. Individuals increasingly suffer from or are at risk of mental health issues like depression or burnout. This demonstrates that it is essential to ensure a sustainable interaction with digital technologies that is both environmentally friendly and healthy, especially for the mind. Addressing individuals' interaction with digital technologies requires a broad understanding from all perspectives. The Human-Computer-Interaction (HCI) framework represents a guiding structure for studying the interaction of humans with digital technologies. Along with the guiding structure of the HCI framework, the seven research articles included in this dissertation aim to contribute to sustainable interaction with digital technologies. The focus is on two outcomes resulting from the interaction: first, fostering pro-environmental behavior and, second, maintaining mental health. After an introductory first chapter, Chapter 2 focuses on the outcome of fostering pro-environmental behavior when interacting with digital technologies using digital nudging. Chapter 2.1 contributes to a deeper understanding of the effectiveness of DNEs in different behavioral contexts (HCI perspective context) that influence the individual's pro-environmental behavior (e.g., e-commerce shopping behavior). Chapters 2.2 and 2.3 zoom in on two of the behavioral contexts described in Chapter 2.1 to investigate and test the design and effectiveness of specific DNEs in an e-commerce shop and a smart home app (HCI perspective technology) through online experiments. While prior research concentrated on the effectiveness of different feedback nudge features (FNFs) (e.g., different update frequencies), Chapter 2.4 investigates the influence of 25 identified FNFs on user satisfaction in a smart home app through a card sorting approach followed by an online survey based on the Kano model (HCI perspective human). Chapter 3 focuses on the outcome of maintaining mental health when interacting with digital technologies, thus avoiding technostress. Chapter 3.1 concentrates on the role of the organization in preventing technostress among their employees (HCI perspective context). It introduces and characterizes 24 primary and secondary technostress prevention measures and determines the relevance of primary prevention measures in reducing different sources of technostress (technostress creators). Out of the 24 technostress prevention measures, two specific measures (adopt a stress-sensitive digital workplace design and use gamification) are addressed in Chapters 3.2 and 3.3. Through a large-scale online survey, Chapter 3.2 derives an understanding of the characteristic profiles of technologies used at the digital workplace, their interplay, and how they influence technostress (HCI perspective technology). Chapter 3.3 focuses on the individual's appraisal (HCI perspective human) of a demanding situation when interacting with digital technologies. After conducting an online experiment, Chapter 3.3 finds that the integration of gamification elements (e.g., points or levels) in digital technologies can reduce the individual's threat appraisal. Lastly, Chapter 4 discusses the results of the seven included research articles and provides an outlook for future research. In summary, this dissertation aims to provide research and practice with new insights into creating a sustainable interaction with digital technologies to foster pro-environmental behavior and maintain mental health.
    Shaping life sustainably is one of the central challenges of the twenty-first century. Everyday, partly subconscious decisions influence environmental sustainability. Because digital technologies are ubiquitous, these decisions are increasingly made in digital environments. This holds the potential to positively influence users' decisions, and thus their behavior when interacting with digital technologies, toward environmental sustainability, for example through digital nudging. But besides these benefits, research shows that interacting with digital technologies can trigger a specific form of stress, known as technostress, which can lead to negative health consequences. More and more people suffer from mental illnesses such as depression or burnout, or are at acute risk of developing them. This shows that a sustainable interaction with digital technologies should be both environmentally friendly and healthy, especially for the mind. This first requires a comprehensive understanding of the problem, which must therefore be considered from all relevant perspectives. The Human-Computer-Interaction (HCI) framework provides a structure for studying the interaction of humans with digital technologies. The framework represents a holistic approach to structuring and classifying research along the three different perspectives. Guided by this structure, the seven research articles of this dissertation aim to contribute to sustainable interaction with digital technologies. The focus is on the two outcomes of fostering pro-environmental behavior and maintaining mental health. After the introductory first chapter, Chapter 2 focuses on fostering pro-environmental behavior when interacting with digital technologies through the use of digital nudging. Through a structured literature analysis and the subsequent development of a framework, Chapter 2.1 contributes to a deeper understanding and an overview of the effectiveness of DNEs in different behavioral contexts (HCI perspective context) that determine pro-environmental behavior (e.g., shopping behavior). Chapters 2.2 and 2.3 examine two of the contexts considered in Chapter 2.1 in more depth and investigate both the design and the effectiveness of specific DNEs in an e-commerce shop (Chapter 2.2) and a smart home app (Chapter 2.3) in online experiments (HCI perspective technology). Chapter 2.4 concentrates on the well-researched and effective DNE feedback for fostering energy-saving behavior. While previous research concentrates on the effectiveness of different feedback nudge features (FNFs) (e.g., different update frequencies), Chapter 2.4 investigates the influence of 25 identified FNFs on user satisfaction by means of a card sorting and an online survey based on the Kano model (HCI perspective human). Chapter 3 focuses on the goal of maintaining mental health and thus avoiding technostress. Chapter 3.1 concentrates on the role of the organization in preventing technostress among employees (HCI perspective context). Based on a Delphi study, 24 primary and secondary technostress prevention measures are introduced and characterized, and their relevance for avoiding technostress is assessed. Of the 24 measures, two specific measures (designing a stress-sensitive digital workplace and using gamification) are addressed in Chapters 3.2 and 3.3. Through a large-scale survey, Chapter 3.2 contributes to an understanding of the characteristics of the technologies used at the digital workplace and their influence on technostress (HCI perspective technology). Chapter 3.3 concentrates on the individual and their perception of a potential technostress situation when interacting with digital technologies (HCI perspective human). An online experiment shows that integrating gamification elements into digital technologies can reduce the individual's perception of the given situation as threatening. In summary, this dissertation aims to enrich research and practice with new insights into a sustainable interaction of humans with digital technologies that both fosters pro-environmental behavior and maintains mental health, and thus contributes to current sustainability efforts.

    Addressing consumerization of IT risks with nudging

    In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behavior influence. In particular, we propose complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behavior by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in a better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions. Several examples of nudging are considered for different tested and potential scenarios in security context.

    Usable Security. A Systematic Literature Review

    Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. Numerous studies have addressed this balance. These studies, spanning psychology and computer science/engineering, contribute diverse perspectives, necessitating a systematic review to understand strategies and findings in this area. This systematic literature review examined articles on usable security from 2005 to 2022. A total of 55 research studies were selected after evaluation. The studies have been broadly categorized into four main clusters, each addressing different aspects: (1) usability of authentication methods, (2) helping security developers improve usability, (3) design strategies for influencing user security behavior, and (4) formal models for usable security evaluation. Based on this review, we report that the field’s current state reveals a certain immaturity, with studies tending toward system comparisons rather than establishing robust design guidelines based on a thorough analysis of user behavior. A common theoretical and methodological background is one of the main areas for improvement in this area of research. Moreover, the absence of requirements for Usable security in almost all development contexts greatly discourages implementing good practices since the earlier stages of development

    Designing and presenting digital nudges on mobile phones: Building an app based on system requirements and usability heuristics

    The environment is progressively affected by global warming and pollution, whereas fossil fuel transportation is one of the major causes. This thesis describes a system that aims to support users in choosing environmentally friendly transportation alternatives. The system uses digital nudging to motivate behavioral change in a non-intrusive manner. This project focuses on the presentation of nudging in a mobile environment. Mobile applications reside in a complex environment with many constraints and limitations. The applications also communicate and influence the end users based on architectural and front-end components. Such applications should thus follow strict guidelines to ensure a robust, extendable, and reusable foundation. Furthermore, the applications should utilize various techniques based on psychological effects and user experience principles to stay competitive in the current market. This project presents a selection of psychological requirements designed for nudging. Additionally, the project creates a novel set of usability heuristics designed for nudging. The project implements an Android app based on the requirements and heuristics. The app lays the foundation for future extensions of front-end designs and nudging