A field trial of privacy nudges for Facebook

Anecdotal evidence and scholarly research have shown that Internet users may regret some of their online disclosures. To help individuals avoid such regrets, we designed two modifications to the Facebook web interface that nudge users to consider the content and...

Encountering stronger password requirements

Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the Carnegie Mellon University (CMU) computing services password policy that required...

Teaching Johnny not to fall for phish

Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security...

The cost of reading privacy policies

Companies collect personally identifiable information that website visitors are not always comfortable sharing. One proposed remedy is to use economics rather than legislation to address privacy risks by creating a marketplace for privacy where website visitors would...

Behavioral response to phishing risk

Tools that aim to combat phishing attacks must take into account how and why people fall for them in order to be effective. This study reports a pilot survey of 232 computer users to reveal predictors of falling for phishing emails, as well as trusting legitimate...

Decision strategies and susceptibility to phishing

This study reports on what everyday users do when they come across suspicious emails. An analysis suggests people can manage risks they’re familiar with but are unable to extrapolate their strategies to deal with unfamiliar risks.