Many users have difficulties making effective security decisions. Education is one way to improve users’ mental models of computer security, but a common challenge is that users are not motivated to learn about security. We propose that a visual approach to education can improve comprehension and engagement with security information. This thesis examines whether information graphics form an effective, memorable,
and persuasive method of communication to increase computer security understanding and improve user behaviour. Guided by visual-textual strategies developed in education literature, we designed seven pieces of instructional materials that help end-users learn about password guessing attacks and antivirus protection. These include five infographic posters and two online interactive comics. Five one-week user
studies with a total of 145 participants show that information graphics led to superior learning outcomes and a better user experience than existing text-alone approaches. Participants showed an increase of comprehension, retention, and improved behaviour after one week.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...