In 2017 and 2018, Naiakshina et al. [21, 22] studied in a lab setting whether computer science students need to be told to write code that stores passwords securely. The authors' results showed that, without explicit prompting, none of the students implemented secure password storage. When asked about this oversight, a common answer was that they would have implemented secure storage if they were creating code for a company. To shed light on this possible confusion, we conducted a mixed-methods field study with developers. We hired freelance developers online and gave them a similar password storage task followed by a questionnaire to gain additional insights into their work. From our research, we offer two contributions. First of all, we reveal that, similar to the students, freelancers do not store passwords securely unless prompted, they have misconceptions about secure password storage, and they use outdated methods. Secondly, we discuss the methodological implications of using freelancers and students in developer studies. CCS Concepts: Security and privacy → Usability in security and privacy; Human-centered computing → Empirical studies in HCI.
Technical and organizational steps are necessary to mitigate cyber threats and reduce risks. Human behavior is the last line of defense for many hospitals and is considered equally important as technical security. Medical staff must be properly trained to perform such procedures. This paper presents the first qualitative, interdisciplinary research on how members of an intermediate care unit react to a cyberattack against their patient monitoring equipment. We conducted a simulation in a hospital training environment with 20 intensive care nurses. By the end of the experiment, 12 of the 20 participants realized the monitors' incorrect behavior. We present a qualitative behavior analysis of high-performing participants (HPP) and low-performing participants (LPP). The HPP showed fewer signs of stress, were easier on their colleagues, and used analog systems more often than the LPP. With 40% of our participants not recognizing the attack, we see room for improvement through the use of proper tools and the provision of adequate training to prepare staff for potential attacks in the future.
In 2020, COVID-19 hit the world, and with it came the desire for a well-functioning and fast way to trace the contacts of people who tested positive for the virus, a method called contact tracing. Depending on how automated tracing is implemented, it is necessary to capture and store sensitive information about the user, such as where the user has been, who they were in contact with, and their health status. All of this entails the potential for mission creep and surveillance. In this chapter, we give a brief outline of the tracing technologies and their implications for the users' data and, therefore, privacy. We look at scientific studies with end users and how their privacy concerns impacted their decision to install a contact tracing app. After reading this chapter, the reader will have an overview of the general privacy discussion and research on contact tracing apps in the context of COVID-19 and hints on where to find further information.