As more and more aspects of users’ lives go online, they can interact with each other, access services and purchase goods with unprecedented convenience and speed. However, this also means that users’ devices and data become more vulnerable to attacks. As security is often added to tools and services as an after-thought, it tends to be poorly integrated into the processes and part of the effort of securing is often offloaded onto the user. Users are goal-driven and they go online to get things done, protecting their security and privacy might therefore not be a priority. The six studies described in this dissertation examine the role of effort in users’ security and privacy behaviours online. First, two security studies use authentication diaries to examine the user effort required for authentication to organisational and online banking systems respectively. Second, two further studies are laboratory evaluations of proposed mechanisms for authentication and verification. Third, two privacy studies examine the role of effort in users’ information disclosure in webforms and evaluate a possible solution that could help users manage how much they disclose. All studies illustrate the different coping strategies users develop to manage their effort. They show that demanding too much effort can affect productivity, cause frustration and undermine the security these mechanisms were meant to offer. The work stresses the importance of conducting methodologically robust user evaluations of both proposed and deployed mechanisms in order to improve user satisfaction and their security and privacy
