Internet users face large numbers of security warnings, which they mostly ignore. To improve risk communication, warnings must be fewer but better. We report an experiment on whether compliance can be increased by using some of the social-psychological techniques the scammers themselves use, namely appeal to authority, social compliance, concrete threats and vague threats. We also investigated whether users turned off browser malware warnings (or would have, had they known how).
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...