Individual information security, user behaviour and cyber victimisation: An empirical study of social networking users

While extant literature on privacy in social networks is plentiful, issues pertaining to information security remain largely unexplored. This paper empirically examines the relationship between online victimisation and users' activity and perceptions of personal information security on social networking services (SNS). Based on a survey of active users, we explore how behavioural patterns on social networks, personal characteristics and technical efficacy of users impact the risk of facing online victimisation. Our results suggest that users with high-risk propensity are more likely to become victims of cybercrime, whereas those with high perceptions of their ability to control information shared on SNS are less likely to become victims. The study shows that there is a negative and statistically significant association between multipurpose dominant SNS (e.g. Facebook, Google +) usage and victimisation. However, activity on the SNS for knowledge exchange (e.g. LinkedIn, Blogger) has a positive and statistically significant association with online victimisation. Our results have implications for practice as they inform the social media industry that protection of individual information security on SNS cannot be left entirely to the user. The importance of user awareness in the context of social technologies plays an important role in preventing victimisation, and social networking services should provide adequate controls to protect personal information

"I don’t like putting my face on the Internet!": An acceptance study of face biometrics as a CAPTCHA replacement

Biometric technologies have the potential to reduce the effort involved in securing personal activities online, such as purchasing goods and services. Verifying that a user session on a website is attributable to a real human is one candidate application, especially as the existing CAPTCHA technology is burdensome and can frustrate users. Here we examine the viability of biometrics as part of the consumer experience in this space. We invited 87 participants to take part in a lab study, using a realistic ticket-buying website with a range of human verification mechanisms including a face biometric technology. User perceptions and accep- tance of the various security technologies were explored through interviews and a range of questionnaires within the study. The results show that some users wanted reassurance that their personal image will be protected or discarded af- ter verifying, whereas others felt that if they saw enough people using face biometrics they would feel assured that it was trustworthy. Face biometrics were seen by some par- ticipants to be more suitable for high-security contexts, and by others as providing extra personal data that had unac- ceptable privacy implications

Future prospects for personal security in travel by public transport

This work was supported by the Engineering and Physical Sciences Research Council [grant number EP/I037032/1]. No other funding support from any other bodies was provided.Peer reviewedPublisher PD

MOBILE PHONES AND USER PERCEPTIONS OF PRIVACY AND SECURITY

As smartphones proliferate, new technologies including facial recognition, sensors and Near Field Communications (NFC) are expected to produce everyday services and applications that challenge traditional concepts of individual privacy. The average person as well as the “tech-savvy” mobile phone user may not yet be fully aware of the extent to which privacy and security are relevant to their mobile activities and how comparable it is to personal computer usage. We investigate perceptions and usage of mobile data services with privacy and security sensitivities: social networking, banking/payments and health-related activities to see if there is a relationship to usage behavior. Nationally representative survey data collected in 2011 from two markets: the US and Japan are presented to show demographic and cultural differences

A Comparative Usability Study of Two-Factor Authentication

Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces non-negligible costs for service providers and requires users to carry out additional actions during the authentication process. In this paper, we present an exploratory comparative study of the usability of 2F technologies. First, we conduct a pre-study interview to identify popular technologies as well as contexts and motivations in which they are used. We then present the results of a quantitative study based on a survey completed by 219 Mechanical Turk users, aiming to measure the usability of three popular 2F solutions: codes generated by security tokens, one-time PINs received via email or SMS, and dedicated smartphone apps (e.g., Google Authenticator). We record contexts and motivations, and study their impact on perceived usability. We find that 2F technologies are overall perceived as usable, regardless of motivation and/or context of use. We also present an exploratory factor analysis, highlighting that three metrics -- ease-of-use, required cognitive efforts, and trustworthiness -- are enough to capture key factors affecting 2F usability.Comment: A preliminary version of this paper appears in USEC 201

Security and Online learning: to protect or prohibit

The rapid development of online learning is opening up many new learning opportunities. Yet, with this increased potential come a myriad of risks. Usable security systems are essential as poor usability in security can result in excluding intended users while allowing sensitive data to be released to unacceptable recipients. This chapter presents findings concerned with usability for two security issues: authentication mechanisms and privacy. Usability issues such as memorability, feedback, guidance, context of use and concepts of information ownership are reviewed within various environments. This chapter also reviews the roots of these usability difficulties in the culture clash between the non-user-oriented perspective of security and the information exchange culture of the education domain. Finally an account is provided of how future systems can be developed which maintain security and yet are still usable