Assisting Users to Create Stronger Passwords Using ContextBased MicroTraining

Kävrestad, Joakim; Nohlberg, Marcus

doi:10.1007/978-3-030-58201-2_7

Cited by 3 publications

(2 citation statements)

References 26 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the context of phishing, a user will receive training when opening a mailbox. CBMT is argued to increase users' awareness and has been evaluated in the context of password security with positive results [32]. The research question addressed in this paper is:…”

Section: Introductionmentioning

confidence: 99%

“…Phishing training is, for instance, delivered to users that are in a situation with an elevated risk of being exposed to phishing. It is argued to counter the knowledge retention and user participation problems by automatically appearing in those relevant situations [32]. It is also argued to motivate users towards secure behavior by providing them with training that directly relates to the users' current situation.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Evaluation of Contextual and Game-Based Training for Phishing Detection

et al. 2022

Self Cite

View full text Add to dashboard Cite

Cybersecurity is a pressing matter, and a lot of the responsibility for cybersecurity is put on the individual user. The individual user is expected to engage in secure behavior by selecting good passwords, identifying malicious emails, and more. Typical support for users comes from Information Security Awareness Training (ISAT), which makes the effectiveness of ISAT a key cybersecurity issue. This paper presents an evaluation of how two promising methods for ISAT support users in acheiving secure behavior using a simulated experiment with 41 participants. The methods were game-based training, where users learn by playing a game, and Context-Based Micro-Training (CBMT), where users are presented with short information in a situation where the information is of direct relevance. Participants were asked to identify phishing emails while their behavior was monitored using eye-tracking technique. The research shows that both training methods can support users towards secure behavior and that CBMT does so to a higher degree than game-based training. The research further shows that most participants were susceptible to phishing, even after training, which suggests that training alone is insufficient to make users behave securely. Consequently, future research ideas, where training is combined with other support systems, are proposed.

show abstract

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%