Human Factors
Simply tell me how - On Trustworthiness and Technology Acceptance of ACS PDF 1,100Kb
Attribute-Based Credential Systems (ACS) have been long proposed as privacy-preserving means of attribute-based authentication, yet neither been considered particularly usable nor found wide-spread adoption, to date. To establish what variables drive the adoption of ACS as a usable security and privacy technology, we investigated how intrinsic and presentation properties impact their perceived trustworthiness and behavioral intent to adopt them. We conducted two confirmatory, fractional-factorial, between-subject, random- controlled trials with a total UK-representative sample of N = 812 participants. Each participant inspected one of 24 variants of Anonymous Credential System Web site, which encoded a combination of three intrinsic factors (provider, usage, benefits) and three presentation factors (simplicity, presence of people, level of available support). Participants stated their privacy and faith-in-technology subjective norms before the trial. After having completed the Web site inspection, they reported on the perceived trustworthiness, the technology adoption readiness, and their behavioral intention to follow through. We established a robust covariance-based structural equation model of the perceived trustworthiness and technology acceptance, showing that communicating facilitating conditions as well as demonstrating results drive the overall acceptance and behavioral intent. Of the manipulated causal variables, communicating with simplicity and on the everyday usage had the greatest and most consistently positive impact on the overall technology acceptance. Our research is the first research showing cause-effect relations in a structural latent factor model with substantial sample size.
The paper is available as pre-print on ArXiv.org. https://arxiv.org/abs/2308.06555
Investigation of the Effect of Incidental Fear Privacy Behavioral Intention PDF 467Kb
Abstract. Incidental emotions users feel during their online activities may alter their privacy behavioral intentions. We investigate the effect of incidental affect (fear and happiness) on privacy behavioral intention. We recruited 330 participants for a within-subjects experiment in three random-controlled user studies. The participants were exposed to three conditions neutral, fear, happiness with standardised stimuli videos for incidental affect induction. Fear and happiness were assigned in random order. The participants' privacy behavioural intentions (PBI) were measured followed by a Positive and Negative Affect Schedule (PANAS-X) manipulation check on self-reported affect. The PBI and PANAS-X were compared across treatment conditions. We observed a statistically significant difference in PBI and Protection Intention in neutral-fear and neutral-happy comparisons. However across fear and happy conditions, we did not observe any statistically significant change in PBI scores. We offer the first systematic analysis of the impact of incidental affects on Privacy Behavioral Intention (PBI) and its sub-constructs. We are the first to offer a fine-grained analysis of neutral-affect comparisons and interactions offering insights in hitherto unexplained phenomena reported in the field.
Note. Uchechi Phyllis Nwadike and Thomas Groß. Investigation of the Effect of Incidental Fear Privacy Behavioral Intention. arXiv:2007.08604, 2020.
Short version:
Uchechi Phyllis Nwadike and Thomas Groß. Investigating the Effect of Incidental Affect States on Privacy Behavioural Intention. In Proceedings of the 9th International Workshop in Socio-Technical Aspects in Security (STAST'2019), LNCS 11739, Springer Verlag, 2020, pp. 181-204
Impact of fear and stress on password choice PDF 766Kb
Abstract. The current cognitive state, such as cognitive effort and depletion, incidental affect or stress may impact the strength of a chosen password unconsciously. We investigate the effect of incidental fear and stress on the measured strength of a chosen password. We conducted two experiments with within-subject designs measuring the Zxcvbn log10 number of guesses as strength of chosen passwords as dependent variable. In both experiments, participants were signed up to a site holding their personal data and, for the second run a day later, asked under a security incident pretext to change their password. (a) Fear. N_F = 34 participants were exposed to standardized fear and happiness stimulus videos in random order. (b) Stress. N_S = 50 participants were either exposed to a battery of standard stress tasks or left in a control condition in random order. The Zxcvbn password strength was compared across conditions. We did not observe a statistically significant difference in mean Zxcvbn password strengths on fear (Hedges' g = -0.11, 95% CI [-0.45, 0.23]) or stress (and control group, Hedges' g = 0.01, 95% CI [-0.31, 0.33]). However, we found a statistically significant cross-over interaction of stress and TLX mental demand. While having observed negligible main effect size estimates for incidental fear and stress, we offer evidence towards the interaction between stress and cognitive effort.
This is the author's copy of our work, building foundations for WP4 Usable Security.
Definitive version: Tom Fordyce, Sam Green, and Thomas Groß. Investigation of the effect of fear and stress on password choice. In proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust (STAST '2017), 2018, pp. 3-15.
The pre-registration of this work is available at its OSF repository.
