How does this message make you feel? A study of user perspectives on software update/warning message design

Fagan, Michael J.; Khan, Mohammad Maifi Hasan; Nguyen, Nhan

doi:10.1186/s13673-015-0053-y

Cited by 16 publications

(15 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Das et al showed that social influences were key in users' consideration of security decisions and impactful towards security outcomes [20]. Several studies have identified the importance of individual considerations in the decision of users to apply a software update [21][22][23][24]. In particular, past experiences were identified to be an important factor in users' decisions, particularly if past experiences were negative [22,23].…”

Section: Related Workmentioning

confidence: 99%

“…Several studies have identified the importance of individual considerations in the decision of users to apply a software update [21][22][23][24]. In particular, past experiences were identified to be an important factor in users' decisions, particularly if past experiences were negative [22,23]. In addition to user perceptions, more work in cybersecurity is also taking a more explicitly psychological approach towards understanding users' computer security behaviors, as shown in Howe et al 's 2012 survey of literature related to the psychology of end-users [25].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An investigation into users’ considerations towards using password managers

Fagan

Albayram

Khan

et al. 2017

Hum. Cent. Comput. Inf. Sci.

Self Cite

View full text Add to dashboard Cite

Password managers, though commonly recommended by security experts, are still not used by many users. Understanding why some choose to use password managers while others do not is important towards generally understanding why some users do what they do and, by extension, designing motivational tools such as video tutorials to help motivate more to use password managers. To investigate differences between those who do and do not use a password manager, for this paper, we distributed an online survey to a total of 137 users and 111 non-users of the tool that asked about their opinions/experiences with password managers. Furthermore, since emotion has been identified by work in psychology and communications as influential in other risk-laden decision-making (e.g., safe-sex behavior such as condom use), we asked participants who use a password manager to rate how they feel for 45 different emotions, or, as the case for those who do not use a password manager, to rate how they imagine they would feel the 45 emotions if they did use the tool. Our results show that “users” of password managers noted convenience and usefulness as the main reasons behind using the tool, rather than security gains, underscoring the fact that even a large portion of users of the tool are not considering security as the primary benefit while making the decision. On the other hand, “non-users” noted security concerns as the main reason for not using a password manager, highlighting the prevalence of suspicion arising from lack of understanding of the technology itself. Finally, analysis of the differences in emotions between “users” and “non-users” reveals that participants who never use a password manager are more likely to feel suspicious compared to “users,” which could be due to misunderstandings about the tool.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

An investigation into users’ considerations towards using password managers

Fagan

Albayram

Khan

et al. 2017

Hum. Cent. Comput. Inf. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…It has been widely established that changes to features and interfaces are common reasons for not updating, especially after previous negative experiences [5], [13], [23]- [26]. Bergan and Whittaker [23] explained the impact of changes to interfaces in terms of five key cognitive concepts: a loss of cognitive automation (a need for more attention to the task after a user interface is made less familiar); negative transfer effects (the need to discard skills learned 'doing things the old way'); the need to rebuild cognitive maps (such as rediscovering where a menu item is); the need to retrain procedural memory ('even if we know 'in our heads', our 'hands' still do what they used to do with the old interface') and; the demotivating effects on the user of a feeling of loss of overall control.…”

Section: B the Need For Human Controlmentioning

confidence: 99%

“…Many previous studies about software updating e.g. [7], [22], [26] have also drawn participants from academically biased pools. These participants might be more technically savvy, with more technically accurate mental models of updates.…”

Section: Survey Studymentioning

confidence: 99%

In Control with no Control: Perceptions and Reality of Windows 10 Home Edition Update Features

Morris¹,

Becker²,

Parkin³

2019

Proceedings 2019 Workshop on Usable Security

View full text Add to dashboard Cite

Home computer users are regularly advised to install software updates to stay secure. Windows 10 Home edition is unique as it automatically downloads and installs updates, and restarts the computer automatically if needed. The automatic restarts can be influenced through a number of features, such as 'active hours' (the period during which a computer will never automatically restart to finish installing an update) or by explicitly setting a time when to restart the computer. This research investigates if the features Microsoft provides for managing updates on Windows 10 Home edition are appropriate for computer owners. We build a model of the update behaviour of Windows 10. The model identifies all interaction points between the update system and the users. We contrast the theory with reality in a survey study with 93 participants which establishes the experiences and perceptions of users of Windows 10 Home. Windows will not restart a computer outside active hours if the computer is in use. However, if any user of a machine sets an explicit restart time, the computer will restart at that time in order to install quality updates even if the computer is still in active use (potentially by a different user to the one who set the restart time). While overall perceptions of updates were positive, the pattern of use of almost all users was incompatible with the default setting of the 'active hours' feature. Only 28% of users knew of its existence. Users are mostly unaware of quality (bugfix) updates, perceiving that updates act mostly to add features. Half of our participants report unexpected restarts, while half also reported growing concern about the state of their device if an update took a long time. Participants who had previous negative experiences had weaker beliefs about their ability to control updates than those who had not. We recommend that operating systems obtain explicit permission for restarts consistently; there are opportunities for default features such as active hours and update progress displays to learn from usage activity.

show abstract

“…Step 1: WAP ⟶ S: = { , , , , } The firmware upgrade is started when the WAP administrator performs a firmware upgrade or a regularly scheduled application is started [27]. The WAP sends a client hello message to the server S. The client hello contains the TLS version, a random number of 32 bytes, the session ID, and the supported encryption and compression algorithms.…”

Section: Proposed Firmware Upgrade Protocolmentioning

confidence: 99%

Sustainable and Practical Firmware Upgrade for Wireless Access Point Using Password-Based Authentication

Jang

Jung

2016

Sustainability

View full text Add to dashboard Cite

Wireless access points (WAPs) are devices that provide Internet connectivity to devices such as desktops, laptops, smartphones, and tablets. Hence, it is important to provide sufficient availability to devices and security for the traffic that is routed by a WAP. However, attackers can decrease the network bandwidth or obtain the traffic including private data such as search histories, login information, and device usage patterns by exploiting the vulnerabilities in firmware upgrades to install malicious firmware. To address this problem, we propose a sustainable and practical firmware upgrade for a WAP using password-based authentication. The proposed upgrade protocol ensures security by adding freshness to the firmware whenever a firmware upgrade occurs. This freshness is different for each event and each firmware; therefore, even if the freshness of one firmware is exposed, the others are secure. In addition, confidentiality, integrity, and authentication are ensured. Furthermore, the proposed protocol can be easily implemented and adapted to WAPs. Experiments are performed to evaluate the upgrade time, resource usage, and code size in wired and wireless connected environments by implementing a prototype and analyzing the security of the protocol. The results show that the proposed upgrade is secure and practical.

show abstract

How does this message make you feel? A study of user perspectives on software update/warning message design

Cited by 16 publications

References 20 publications

An investigation into users’ considerations towards using password managers

An investigation into users’ considerations towards using password managers

In Control with no Control: Perceptions and Reality of Windows 10 Home Edition Update Features

Sustainable and Practical Firmware Upgrade for Wireless Access Point Using Password-Based Authentication

Contact Info

Product

Resources

About